Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Missing Events

nathanscott5467

Summary

Consider emitting events for all major state changes (graduation, upgrades, bursary payouts)

Vulnerability Details

You should emit events at the end of the function, after all the critical actions (payments, checks, and upgrade) have been performed.
This will allow any off-chain system to track what action occurs and which contract address is now active.

Impact

The impact of missing an emit statement for your event can be significant for usability, transparency, and integrations.

If you don’t emit the event, there’s no easy way for external systems to know that action happened, or to which address
Debugging and Auditing Becomes Harder

Tools Used

Manual Review

Recommendations

Add these at the top of LevelOne.sol contract.

event StudentGraduated(address indexed student, uint256 score);

event ContractUpgraded(address indexed newImplementation);

event BursaryUpdated(uint256 newBursaryBalance);

event PaymentToPrincipal(address indexed principal, uint256 amount);

event PaymentToTeacher(address indexed teacher, uint256 amount);

You can configure graduateAndUpgrade function as following.

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {

require(block.timestamp >= sessionEnd, "Session not ended");

uint256 totalTeachers = listOfTeachers.length;

uint256 teacherTotal = (bursary * TEACHER_WAGE) / PRECISION;

uint256 payPerTeacher = totalTeachers > 0 ? teacherTotal / totalTeachers : 0;

uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;

// Graduation logic

for (uint256 i = 0; i < listOfStudents.length; i++) {

address student = listOfStudents[i];

require(reviewCount[student] == 4, "Student missing reviews");

if (studentScore[student] >= cutOffScore) {

emit StudentGraduated(student, studentScore[student]);

// Optionally: Add to new list, etc.

}

// Payments

for (uint256 n = 0; n < totalTeachers; n++) {

usdc.safeTransfer(listOfTeachers[n], payPerTeacher);

emit PaymentToTeacher(listOfTeachers[n], payPerTeacher);

}

usdc.safeTransfer(principal, principalPay);

emit PaymentToPrincipal(principal, principalPay);

bursary = bursary - principalPay - teacherTotal;

emit BursaryUpdated(bursary);

_authorizeUpgrade(_levelTwo);

emit ContractUpgraded(_levelTwo); // upgrade event

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

no event

Event not emitted

Appeal created

mishoko Auditor

6 months ago

nathanscott5467 Submitter

6 months ago

yeahchibyke Lead Judge

6 months ago

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

no event

Event not emitted

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.