Beatland Festival
First Flight #44
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

Missing `FundsWithdrawn` Event — Reduced Transparency

rootkit677

Missing FundsWithdrawn Event — Reduced Transparency

Description

  • Normal behaviour: Financial actions like withdrawals should emit events so off-chain accounting tools and users can track fund movements.

  • Issue: withdraw() transfers ETH but does not emit the FundsWithdrawn event declared in IFestivalPass, leaving no on-chain trace beyond the raw value transfer.

// FestivalPass.sol
function withdraw(address target) external onlyOwner {
@> payable(target).transfer(address(this).balance);
}

Risk

Likelihood:

  • Very high; every withdrawal currently lacks a dedicated event.

Impact:

  • Indexers, analytics dashboards, or auditors must parse low-level Transfer traces instead of relying on a clear semantic event.

  • Makes it harder to prove that withdrawals match accounting expectations.

Proof of Concept

// After a purchase, owner calls withdraw(addr);
// No FundsWithdrawn event appears in transaction logs.

Recommended Mitigation

function withdraw(address target) external onlyOwner {
uint256 amount = address(this).balance;
- payable(target).transfer(amount);
+ (bool ok, ) = payable(target).call{value: amount}("");
+ require(ok, "Withdraw failed");
+ emit FundsWithdrawn(target, amount);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Missing events / Events not properly configured

Informational. This protocol doesn't rely on events to function, they are just nice to have, but not mandatory.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.