Christmas Dinner

Summary

The withdraw() function, which allows the host to withdraw the funds after the deadline, does not emit an event. This omission reduces the transparency of the contract's operations and hinders off-chain monitoring or auditability of withdrawals.

Vulnerability Details

The withdraw() function is designed to transfer all collected funds to the host. However, it fails to emit an event logging the withdrawal action. Events are an essential mechanism in smart contracts for enabling off-chain systems (like dApps, explorers, and monitoring tools) to track significant state changes. Without an event, users, auditors, and other stakeholders cannot easily verify when and how withdrawals occurred, making the protocol less transparent and harder to monitor.

Impact

1. Stakeholders cannot track when withdrawals occur without directly inspecting the blockchain transaction details.

2. DApps, analytics platforms, and alerting tools relying on events will be unable to detect and log withdrawals.

3. Off-chain systems and users need to analyze transaction details manually to verify withdrawal operations.

Tools Used

• Manual review

Recommendations

Emit an event at the end of the withdraw() function to log the withdrawal action.