Submission Details
Impact:
Likelihood:
[L-6] Missing Events in `FestivalPass::setOrganizer` and `FestivalPass::withdraw` Functions
Description
The functions `setOrganizer()` and `withdraw()` update critical contract state or transfer ETH, but do not emit any events,
which hinders transparency and off-chain monitoring.
Risk
Impact:
1. Reduces observability and traceability
2. Users cannot track organizer changes or ETH outflows via event logs
Proof of Concept
1. Call setOrganizer(newAddress):
- No event appears in logs — hard to audit changes.
2. Call withdraw(someAddress):
- Funds are moved silently; no record is emitted.
Recommended Mitigation
```diff
+ event OrganizerUpdated(address indexed previous, address indexed newOrganizer);
+ event FundsWithdrawn(address indexed target, uint256 amount);
```
```diff
function setOrganizer(address _organizer) public onlyOwner {
organizer = _organizer;
+ emit OrganizerUpdated(organizer, _organizer);
}
```
```diff
function withdraw(address target) external onlyOwner {
+ uint256 amount = address(this).balance;
payable(target).transfer(amount);
+ emit FundsWithdrawn(target, amount);
}
```
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Missing events / Events not properly configured
Informational. This protocol doesn't rely on events to function, they are just nice to have, but not mandatory.
Rewards breakdown
nSLOC
234This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.