Beatland Festival
First Flight #44
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: medium
Invalid

events-access

deadmanxxxii

Root + Impact

Description

  • Events in Solidity are crucial for providing off-chain applications (like block explorers, analytics platforms, and user interfaces) with real-time, auditable information about changes in a contract's state.

  • The FestivalPass.setOrganizer(address) function modifies a critical administrative variable, organizer, but it does not emit an event to signal this change. This makes it challenging for off-chain systems to track organizer changes without constantly reading contract state directly, which is inefficient and not standard practice for monitoring.

SLITHER OUTPUT:

## events-access
Impact: Low Confidence: Medium
- [ ] ID-7
[FestivalPass.setOrganizer(address)](src/FestivalPass.sol#L50-L52) should emit an event for:
- [organizer = _organizer](src/FestivalPass.sol#L51)
src/FestivalPass.sol#L50-L52
// Root cause in the codebase with @> marks to highlight the relevant section
// src/FestivalPass.sol
function setOrganizer(address _organizer) public onlyOwner {
organizer = _organizer; // @> State variable modified without an accompanying event emission
}

Risk

Likelihood:

  • This will occur every time the setOrganizer function is successfully called.

  • This will occur consistently whenever the organizer address is updated.

Impact:

  • Off-chain monitoring and auditing become more difficult, as there is no readily available, efficient way to track historical changes to the organizer address.

  • Reliance on direct state reads for this information can lead to inefficiency and potentially outdated data if not polled frequently.

Proof of Concept

// Example: Deploy FestivalPass and call setOrganizer
// On-chain: organizer address changes.
// Off-chain: No event is logged, so a service subscribed to contract events
// would not be notified of this change, making tracking difficult.
// Expected behavior:
// 1. Contract deployed with initial organizer.
// 2. `setOrganizer(newAddress)` is called.
// 3. `organizer` state variable updates on-chain.
// 4. (Missing) An event like `event OrganizerChanged(address indexed oldOrganizer, address indexed newOrganizer);` is emitted.

Recommended Mitigation

- remove this code
+ add this code
--- a/src/FestivalPass.sol
+++ b/src/FestivalPass.sol
@@ -49,5 +49,7 @@
function setOrganizer(address _organizer) public onlyOwner {
+ address oldOrganizer = organizer; // Store current organizer for the event
organizer = _organizer;
+ emit OrganizerChanged(oldOrganizer, _organizer); // @> Emit event after state update
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 26 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Missing events / Events not properly configured

Informational. This protocol doesn't rely on events to function, they are just nice to have, but not mandatory.

Appeal created

deadmanxxxii Submitter
25 days ago
inallhonesty Lead Judge
25 days ago
inallhonesty Lead Judge 23 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Missing events / Events not properly configured

Informational. This protocol doesn't rely on events to function, they are just nice to have, but not mandatory.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.