Secret Vault on Aptos

First Flight #46
Submission Details
Impact: low
Likelihood: low
Invalid

Empty Event Payload

Description

Events should include enough data for off-chain indexers to correlate actions.
The SetNewSecret event has no fields, so it's impossible to know who made the update or to correlate the event with a specific state change.

// move
#[event]
struct SetNewSecret has drop, store { } // no fields

Risk

Likelihood:

Always: every emission contains no useful context.

Impact:

Poor observability for wallets/indexers, harder debugging and analytics.

Proof of Concept

All emitted events are identical; they cannot be attributed to @owner or to a transaction-specific value.

Recommended Mitigation

- #[event]
- struct SetNewSecret has drop, store { }
+ #[event]
+ struct SetNewSecret has drop, store {
+ actor: address,
+ // optionally: version: u64, timestamp: u64, etc.
+ }
...
- event::emit(SetNewSecret {});
+ event::emit(SetNewSecret { actor: signer::address_of(caller) });
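
Review bot: the new `actor: address` field on `SetNewSecret` records who called, but two updates from the same address still emit identical events, so the "correlate to a specific state change" goal from the description is only half met; consider promoting the commented-out `version: u64` (or a timestamp) to a real field rather than leaving it optional. The `event::emit` line also depends on the `signer` module being imported and on the signer parameter being named `caller`, neither of which is visible in this hunk. Whatever fields are added, keep the secret itself out of the payload, since emitted events are publicly readable.
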
Updates

Lead Judging Commences

bube Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Insufficient Data in `SetNewSecret` event

This is an Informational finding. It has no impact on the security of the protocol.
