Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing event in the Withdraw function

yoanyjd

Summary

The withdraw function allows the host to withdraw the fund, however, there is no event emitted to log these withdrawals, making it difficult to track or audit the withdrawal process. This is a critical function, and the absence of an event reduces transparency and can pose a risk in terms of monitoring contract activity.

Vulnerability Details

The lack of an event makes it challenging to track withdrawals on the blockchain, which is essential for auditing and monitoring purposes.

Impact

Without an event, there is no way to easily monitor when funds are withdrawn from the contract. This can lead to missed detection of unauthorized withdrawals or misuse of funds.

Tools Used

Manual code review

Recommendations

Add an event to the withdraw function to log the withdrawal of the funds. This will improve transparency and ensure that all withdrawals are traceable.

event Withdraw(address indexed host, uint256 wethAmount, uint256 wbtcAmount, uint256 usdcAmount);
function withdraw() external onlyHost {
address _host = getHost();
uint256 wethAmount = i_WETH.balanceOf(address(this));
uint256 wbtcAmount = i_WBTC.balanceOf(address(this));
uint256 usdcAmount = i_USDC.balanceOf(address(this));
// Perform the withdrawals
i_WETH.safeTransfer(_host, wethAmount);
i_WBTC.safeTransfer(_host, wbtcAmount);
i_USDC.safeTransfer(_host, usdcAmount);
// Emit the single withdrawal event
emit Withdraw(_host, wethAmount, wbtcAmount, usdcAmount);
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!