DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Missing event in `LikeRegistry::withdrawFees`, which reduces transparency

Summary

The `withdrawFees` function changes the `totalFees` state variable but doesn't emit an event.

Source Code:

```solidity
function withdrawFees() external onlyOwner {
    require(totalFees > 0, "No fees to withdraw");
    uint256 totalFeesToWithdraw = totalFees;
    totalFees = 0;
    (bool success, ) = payable(owner()).call{value: totalFeesToWithdraw}("");
    require(success, "Transfer failed");
}
```

Vulnerability Details

There's no on-chain record (via events) when the owner withdraws funds, making it harder for external watchers (UIs, indexers, auditors) to track fee withdrawals.

While it doesn’t introduce a security vulnerability, a malicious owner could frequently withdraw funds without an easy way for users to monitor it via event logs.

Impact

Users and external monitors cannot easily track fee withdrawals. I consider it a Low because it doesn't affect functionality but reduces transparency, especially when it comes to an action that only the owner can perform.

If users want to verify when and how much was withdrawn, they’d have to scan transactions manually, which is inefficient.

Tools Used

Slither

Recommendations

Consider adding an event to broadcast the withdrawal of the fees:

// EVENTS
+ event LikeRegistry__FeesWithdraw(address indexed owner, uint256 amount);
// FUNCTIONS
function withdrawFees() external onlyOwner {
require(totalFees > 0, "No fees to withdraw");
uint256 totalFeesToWithdraw = totalFees;
totalFees = 0;
(bool success, ) = payable(owner()).call{value: totalFeesToWithdraw}("");
require(success, "Transfer failed");
+ emit LikeRegistry__FeesWithdraw(msg.sender, totalFeesToWithdraw);
}
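
Review bot: the `emit` is placed after the low-level `call` to `owner()`, so the log is written only once the external call has returned; moving it to directly after `totalFees = 0;` would keep every state effect, including the event, ahead of the interaction. The event also logs `msg.sender` while the transfer targets `owner()`; under `onlyOwner` these should be the same address, but using one expression for both would make that explicit.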
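
How a watcher could consume the proposed `LikeRegistry__FeesWithdraw` event to track withdrawals without scanning transactions, as an added example that is not part of the original submission or the project's code. The topic hash, addresses and log entries are constructed placeholders.

```python
# Off-chain watcher sketch for the proposed event
#   LikeRegistry__FeesWithdraw(address indexed owner, uint256 amount)
# Assumption: TOPIC0 is a placeholder. The real value is the keccak-256 hash
# of the event signature string and must be computed with an Ethereum tool.
TOPIC0 = "0x" + "11" * 32      # placeholder, NOT the real event hash
REGISTRY = "0x" + "aa" * 20    # constructed contract address
OWNER = "0x" + "bb" * 20       # constructed owner address


def decode_withdrawal(log):
    """Return (block, owner, amount_wei), or None if the log is not ours."""
    topics = log["topics"]
    if log["address"].lower() != REGISTRY or len(topics) != 2:
        return None
    if topics[0].lower() != TOPIC0:
        return None
    data = bytes.fromhex(log["data"][2:])
    if len(data) != 32:        # exactly one non-indexed uint256 is expected
        return None
    # An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
    owner = "0x" + topics[1][-40:].lower()
    return int(log["blockNumber"], 16), owner, int.from_bytes(data, "big")


def summarize(logs):
    """Total amount withdrawn per owner address across matching logs."""
    totals = {}
    for log in logs:
        decoded = decode_withdrawal(log)
        if decoded:
            _, owner, amount = decoded
            totals[owner] = totals.get(owner, 0) + amount
    return totals


def word(n):
    """Encode an integer as a 32-byte big-endian hex word."""
    return "0x" + n.to_bytes(32, "big").hex()


OWNER_TOPIC = "0x" + "00" * 12 + "bb" * 20
# Constructed sample in the shape eth_getLogs returns.
SAMPLE_LOGS = [
    {"address": REGISTRY, "blockNumber": "0x10",
     "topics": [TOPIC0, OWNER_TOPIC], "data": word(10**18)},
    {"address": REGISTRY, "blockNumber": "0x2a",
     "topics": [TOPIC0, OWNER_TOPIC], "data": word(25 * 10**17)},
    # Unrelated event from the same contract: ignored by the decoder.
    {"address": REGISTRY, "blockNumber": "0x2b",
     "topics": ["0x" + "22" * 32], "data": "0x"},
]
```
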
Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
