Snowman Merkle Airdrop
First Flight #42
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: medium
Invalid

[L-3] Missing SnowEarned Event in earnSnow

0xsnoweth

Root + Impact

  • Root: The earnSnow function lacks a SnowEarned event to log token earnings;

  • Impact: Reduces auditability and transparency of free token distributions.

Description

  • The earnSnow function mints 1 token per week but does not emit an event to record the action, making it difficult to track earnings for users or auditors.

// Root cause in the codebase with @> marks to highlight the relevant section
function earnSnow() external canFarmSnow {
if (s_earnTimer != 0 && block.timestamp < (s_earnTimer + 1 weeks)) {
revert S__Timer();
}
_mint(msg.sender, 1);
s_earnTimer = block.timestamp;
//@Audit-low missing snow earned event.
}

Risk

Likelihood:

  • During every call to earnSnow within the farming period.

  • When auditing or monitoring token distributions.

Impact:

  • Limits visibility into free token earnings, complicating reconciliation.

  • Low severity due to lack of direct exploit potential.

Proof of Concept

  • Missing Event Demonstration:

  • Call earnSnow and observe no SnowEarned event emission, relying on manual balance checks instead.

Recommended Mitigation

contract Snow is ERC20, Ownable {
event SnowEarned(address indexed earner, uint256 amount);
function earnSnow() external canFarmSnow {
if (s_earnTimer != 0 && block.timestamp < (s_earnTimer + 1 weeks)) {
revert S__Timer();
}
_mint(msg.sender, 1);
s_earnTimer = block.timestamp;
+ emit SnowEarned(msg.sender, 1);// Add event
}
}

  • Add a SnowEarned event to log each earning.

Updates

Lead Judging Commences

yeahchibyke Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.