Last Man Standing

- The Claimed event is emitted after resetting the pot value to zero, resulting in incorrect data being recorded in emitted logs.

​

Specifically, the prize shown in the Claimed event is always 0, even though the actual ETH transfer happened based on the non-zero pot before the reset.

​

- This leads to inconsistencies between on-chain state and event logs, breaking assumptions for users,

​

off-chain indexers, analytics tools, or explorers that rely on event data.

​

-> Example Code (Vulnerable Pattern):

​

```javascript

uint256 prize = pot;

pot = 0;

​

emit Claimed(msg.sender, prize);

```

The prize should be stored in a local variable before zeroing the pot. Otherwise, the emitted value is always 0.

​

1. Classification: Information Discrepancy / Logging Error

​

2. Affected Component: Claimed event

​

3. Consequence:

​

a. Users may be misled into thinking no prize was paid.

​

b. Indexers and analytics tools that use this event will report incorrect payout history.

​

c. Difficult to audit or track payout history based on event logs alone.

​

```javascript

function test_ClaimedEventEmitsZeroPrize() public {

// Arrange

address winner = address(0xBEEF);

vm.deal(address(r), 1 ether); // Seed pot

vm.prank(owner);

r.selectWinner(winner); // Sets winner

​

// Act

vm.prank(winner);

vm.expectEmit(true, true, false, true);

emit Raffle.Claimed(winner, 1 ether); // what we expect

r.claim();

​

// Assert

// The pot is transferred correctly (check balance)

assertEq(winner.balance, 1 ether);

}

```

​

This test will fail if the Claimed event is emitted after pot = 0,

because the emitted event will show 0 as the prize.

Move the emit Claimed(...) line before resetting the pot, or cache the pot value in a local variable before zeroing:

​

Fixed Code:

​

```javascript

uint256 prize = pot;

emit Claimed(msg.sender, prize); // emit with correct value

pot = 0;

```