Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Missing Event Emission in _handleWethRewardDistribution Function

Summary

The _handleWethRewardDistribution function calculates and distributes WETH rewards between the protocol and vaults. However, it lacks an event emission to log these reward distributions. This missing event can hinder the observability of reward flows on-chain and reduce the transparency of the contract's behavior, particularly for off-chain monitoring and debugging purposes.

Affected Line of Code

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/main/src/market-making/branches/FeeDistributionBranch.sol#L369-L396

Vulnerability Details

  • Function: _handleWethRewardDistribution

  • Missing Feature: Event emission

  • Cause: The function does not emit an event after distributing the WETH rewards, making it difficult to track the reward flow in real time.

Impact

While the absence of the event does not directly affect the contract's security or functionality, it reduces the ability to monitor and audit the reward distribution process. Specifically:

  • Users, developers, or auditors cannot easily track how WETH rewards are distributed to the protocol and vaults.

  • The transparency of the system is compromised, which can decrease trust in the protocol's operations.

This is classified as Low Risk because it doesn't result in immediate security or operational failures but can hinder transparency.

Recommendations

To improve the transparency and observability of the reward distribution process, an event should be emitted to log the details of the WETH rewards being distributed. The following steps are recommended:

  1. Define an event:

    event WethRewardDistributed(
        address indexed assetOut,
        uint256 protocolReward,
        uint256 vaultReward
    );

  2. Emit the event at the end of the _handleWethRewardDistribution function:

    emit WethRewardDistributed(
        assetOut,
        receivedProtocolWethRewardX18.unwrap(),
        receivedVaultsWethRewardX18.unwrap()
    );

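
What an off-chain monitor would do with the recommended event, as an added example that is not part of the submission or the Zaros code base: it decodes one JSON-RPC log entry for `WethRewardDistributed(address,uint256,uint256)` and rejects logs that do not match that layout. Assumptions: the log has the `eth_getLogs` shape, the `X18` values are 18-decimal fixed point, and `TOPIC0` is a constructed placeholder for the real keccak256 signature hash.

```python
from decimal import Context, Decimal

WAD = Decimal(10) ** 18    # assumption: X18 values are 18-decimal fixed point
CTX = Context(prec=80)     # enough digits to hold any uint256 exactly


class MalformedLog(ValueError):
    """The log does not match the proposed event layout."""


def _hex_bytes(value: str) -> bytes:
    if not isinstance(value, str) or not value.startswith("0x"):
        raise MalformedLog(f"not 0x-prefixed hex: {value!r}")
    try:
        return bytes.fromhex(value[2:])
    except ValueError as exc:
        raise MalformedLog(f"invalid hex: {value!r}") from exc


def decode_weth_reward_log(log: dict, expected_topic0: str) -> dict:
    topics = log.get("topics", [])
    # topic0 is the event signature hash, topic1 the one indexed field (assetOut)
    if len(topics) != 2:
        raise MalformedLog(f"expected 2 topics, got {len(topics)}")
    if _hex_bytes(topics[0]) != _hex_bytes(expected_topic0):
        raise MalformedLog("topic0 does not match the event signature hash")
    word = _hex_bytes(topics[1])
    if len(word) != 32 or any(word[:12]):
        raise MalformedLog("assetOut must be a 32-byte word, left-padded with zeros")
    # Non-indexed fields are ABI-encoded in order as two 32-byte uint256 words
    data = _hex_bytes(log.get("data", "0x"))
    if len(data) != 64:
        raise MalformedLog(f"expected 64 bytes of data, got {len(data)}")
    protocol_raw = int.from_bytes(data[:32], "big")
    vault_raw = int.from_bytes(data[32:], "big")
    return {
        "assetOut": "0x" + word[12:].hex(),
        "protocolReward": CTX.divide(Decimal(protocol_raw), WAD),
        "vaultReward": CTX.divide(Decimal(vault_raw), WAD),
        "total": CTX.divide(Decimal(protocol_raw + vault_raw), WAD),
    }


# Constructed sample: placeholder topic0, made-up address and amounts
TOPIC0 = "0x" + "ab" * 32
SAMPLE_LOG = {
    "topics": [TOPIC0, "0x" + "00" * 12 + "11" * 20],
    "data": "0x" + (3 * 10**17).to_bytes(32, "big").hex()
                 + (7 * 10**17).to_bytes(32, "big").hex(),
}
```
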
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
