Missing `Graduated` Event Emission in `graduateAndUpgrade`
Summary
This report identifies a minor omission in the graduateAndUpgrade() function of the LevelOne.sol contract. While a Graduated event is defined within the contract, presumably to signify the successful authorization of an upgrade to a new contract version (_levelTwo), this event is not actually emitted by the graduateAndUpgrade() function upon successful execution. Emitting events for such significant actions is crucial for off-chain monitoring, transparency, and enabling dApps or UIs to react to contract state changes.
Vulnerability Details / Issue Description
The LevelOne.sol contract defines the following event:
This event is intended to be emitted when the system is ready to "graduate" to the LevelTwo contract, which is authorized within the graduateAndUpgrade function.
The graduateAndUpgrade function performs payouts and authorizes the contract upgrade:
After successfully executing payouts and calling _authorizeUpgrade(_levelTwo), the function completes without emitting the Graduated event. This means off-chain services or user interfaces listening for this event will not be notified when the contract has authorized an upgrade to the _levelTwo address.
Tools Used
Manual Code Review
Recommendations
To enhance transparency and facilitate off-chain monitoring, the Graduated event should be emitted at the end of the graduateAndUpgrade function, after all critical operations (like payouts and _authorizeUpgrade) have successfully completed.
Lead Judging Commences
no event
Event not emitted
no event
Event not emitted
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.