Lack of Event Emission After _calculateMultiplerAndSetWeights in calculateMultiplierAndSetWeightsFromRule
Summary
In the function:
the call to _calculateMultiplerAndSetWeights(params) updates state by setting new weights in the pool, yet no event is emitted to signal this significant action. Emitting events after weight adjustments is a recognized best practice for on-chain traceability and to help integrators or off-chain services track changes.
Vulnerability Details
Impact
Reduced Transparency: External watchers (including block explorers, indexers, and analytics tools) cannot easily detect that a weight update occurred via this function.
Potential Operational Confusion: If pool weights change without an event, it can be harder for auditors or integrators to confirm or debug weight changes over time.
Tools Used
Manual audit
Recommendations
Emit an Event after calling _calculateMultiplerAndSetWeights(params) that includes:
The calling address (msg.sender)
The pool address (params.poolAddress)
The updated weights or any other relevant details.
For example:
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.