Submission Details
Severity:
Missing ValueUpdated Event Emission in TimeWeightedAverage Library's updateValue Function
Summary
The ValueUpdated event is define but never used, this is an omission.
Vulnerability Details
function updateValue(
Period storage self,
uint256 newValue,
uint256 timestamp
) internal {
if (timestamp < self.startTime || timestamp > self.endTime) {
revert InvalidTime();
}
unchecked {
uint256 duration = timestamp - self.lastUpdateTime;
if (duration > 0) {
uint256 timeWeightedValue = self.value * duration;
if (timeWeightedValue / duration != self.value) revert ValueOverflow();
self.weightedSum += timeWeightedValue;
self.totalDuration += duration;
}
}
self.value = newValue;
self.lastUpdateTime = timestamp;
// @audit Missing event emission
// emit ValueUpdated(timestamp, oldValue, newValue);
}
The event is defined but never used:
event ValueUpdated(uint256 timestamp, uint256 oldValue, uint256 newValue);
Impact
No event emission whenever updateValue is called.
if the protocol uses off-chain system the system will not be able to track value updates.
Tools Used
Manual code review
Recommendations
Add event emission to updateValue
function updateValue(
Period storage self,
uint256 newValue,
uint256 timestamp
) internal {
if (timestamp < self.startTime || timestamp > self.endTime) {
revert InvalidTime();
}
unchecked {
uint256 duration = timestamp - self.lastUpdateTime;
if (duration > 0) {
uint256 timeWeightedValue = self.value * duration;
if (timeWeightedValue / duration != self.value) revert ValueOverflow();
self.weightedSum += timeWeightedValue;
self.totalDuration += duration;
}
}
self.value = newValue;
self.lastUpdateTime = timestamp;
++ emit ValueUpdated(timestamp, oldValue, newValue);
}
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.