Secret Vault on Aptos
First Flight #46
Beginner FriendlyWallet
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

Event Enhancement

romfoll

Setting a new secret doesn't provide distinguishable information for off-chain tools

Description

  • Events should provide useful information for off-chain tools

  • Event for setting new secret is empty struct

#[event]
struct SetNewSecret has drop, store {
}

Risk

Likelihood:

  • It occurs when setting a new secret

Impact:

  • Since the struct has no fields, every emission of SetNewSecret {} is identical. If the set_secret function is called multiple times (e.g., updating the secret repeatedly), off-chain tools (like indexers, explorers, or dApps) can't differentiate between events.

  • Events are stored on-chain (via the store ability) and contribute to the global state. Empty events clutter the event stream without adding meaningful history, potentially increasing query times for tools scanning the event handle.

Recommended Mitigation

Adding owner and timestamp sections provides a lot of useful information for off-chain tools

#[event]
struct SetNewSecret has drop, store {
+ owner: address,
+ timestamp: u64
}
Updates

Lead Judging Commences

bube Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Insufficient Data in `SetNewSecret` event

This is an Informational finding. It has no impact on the security of the protocol.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.