TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Misleading Event Name: "FeeWithdrawn" Instead of "PrizeWithdrawn"

osuolale

Summary

The contract emits an event labeled FeeWithdrawn when a player wins and receives their 2 ether prize. However, the event name "FeeWithdrawn" is misleading, as the transaction is not related to the withdrawal of a fee. In fact, the 2 ether is a prize paid to the player for winning the game, not a fee. The use of the "FeeWithdrawn" event name could cause confusion for users or external systems interpreting the contract's events.

The line of code in question is:

```javascript

emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event```

</details>

Vulnerability Details

Impact

Confusion for Users and Auditors:

The name "FeeWithdrawn" implies that the transaction is related to the withdrawal of a fee, which could mislead users or third-party auditors who are interpreting the contract's events. This might lead them to assume that a fee has been paid or withdrawn when, in fact, it is the player receiving a prize.

Misleading Event Data:

When interacting with the contract's event logs, external systems or interfaces that rely on this event name could incorrectly categorize the transaction as a fee withdrawal. This could cause data integrity issues, especially in contract monitoring systems, wallets, or analytics platforms.

Potential for Misunderstanding in Future Modifications:

If the contract is modified or extended in the future, the event name may become even more misleading. For example, if actual fees are introduced in the game, the name "FeeWithdrawn" could create conflicts or confusion about which fees or prizes are being withdrawn.

Tools Used

MANUAL REVIEW

Recommendation

Rename the Event: The event name should be updated to reflect its purpose more accurately. A more appropriate name would be PrizeWithdrawn or PlayerPrizeWithdrawn. This would clearly indicate that the 2 ether is a prize rather than a fee.

Example:

````javascript

event PrizeWithdrawn(address player, uint256 amount);

emit PrizeWithdrawn(player, 2 ether);

// Emit the prize withdrawal event

```

</details>

Clarify the Purpose in Event Documentation:

Ensure that the event names and their purposes are well-documented so that both users and developers clearly understand the function and intent of each event.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.