[L-1]: Uninformative Event Hinders Off-Chain Monitoring
[L-1]: Uninformative Event Hinders Off-Chain Monitoring
Description
Events emitted by a contract should contain relevant data to allow off-chain services to monitor on-chain activity.
The SetNewSecret event is an empty struct. When emitted, it signals that an update happened but provides no context, such as who performed the action or when it occurred.
Risk
Likelihood: High
This uninformative event is emitted every time
set_secretis successfully called.
Impact: Low
-
Reduced Auditability: It is difficult for off-chain tools, block explorers, or security dashboards to track the vault's history.
-
Integration Difficulty: Applications that want to react to a secret being updated cannot easily use this event because it lacks identifying information.
Proof of Concept
The issue is self-evident from the code. When event::emit(SetNewSecret {}) is executed, an event with an empty data payload is logged. An off-chain indexer parsing this event cannot determine who the owner was or get a timestamp without parsing the raw transaction details, defeating the purpose of events.
Recommended Mitigation
Add relevant fields to the event struct and populate them when the event is emitted.
Lead Judging Commences
Insufficient Data in `SetNewSecret` event
This is an Informational finding. It has no impact on the security of the protocol.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.