Liquidity Management

Summary

**Severity: **Low (Affects transparency, debugging, and security monitoring)

**Impact: **Moderate (Compromises protocol monitoring and analytics)

**Category: **Logging / Event Emission

Vulnerability Details

Several functions in the PerpetualVault smart contract fail to emit critical events, reducing visibility into protocol operations. Missing event emissions hinder off-chain monitoring, debugging, and incident detection.

Missing Events:

1. deposit(): No event for deposit initiation.

2. withdraw(): No event when a user requests a withdrawal.

3. run(): No event for position signals (long/short/close).

4. runNextAction(): No event when executing nextAction.

5. cancelFlow(): No event for flow cancellations.

6. _createIncreasePosition() , _createDecreasePosition(): No event for position initiation.

7. afterOrderExecution(): No event when an order is fully executed.

8. _settle(): No event when settlement begins.

9. _handleReturn(): No detailed withdrawal completion event.

Impact

• Monitoring Failure: Off-chain trackers can't monitor vault activities.

• Debugging Difficulty: Developers face challenges identifying issues.

• Security Risks: Delayed detection of malicious activity.

• Analytics Loss: Historical activity data becomes incomplete.

Tools Used

Manual Review

Recommendations

1. deposit() – Emit DepositInitiated().

2. withdraw() – Emit WithdrawalRequested().

3. run() – Emit SignalChange().

4. runNextAction() – Emit NextActionExecuted().

5. cancelFlow() – Emit FlowCancelled().

6. _createIncreasePosition() – Emit PositionIncreaseInitiated().

7. _createDecreasePosition() – Emit PositionDecreaseInitiated().

8. afterOrderExecution() – Emit OrderExecutionCompleted().

9. _settle() – Emit SettlementInitiated().

10. _handleReturn() – Emit WithdrawalCompleted().