Submission Details
Impact:
Likelihood:
Missing event emission for failed credit withdrawals
Root + Impact
Description
The withdrawAllFailedCredits function allows users to withdraw ETH that was previously credited to them after a failed transfer. However, the function does not emit any event upon successful withdrawal. This reduces transparency, makes it harder for users and external indexers to track withdrawals, and complicates off-chain accounting or auditing.
function withdrawAllFailedCredits(address _receiver) external {
uint256 amount = failedTransferCredits[_receiver];
require(amount > 0, "No credits to withdraw");
failedTransferCredits[msg.sender] = 0;
(bool success, ) = payable(msg.sender).call{value: amount}("");
require(success, "Withdraw failed");
//@audit - no event emitted
}
Risk
Likelihood:
High.
Impact:
Low — no loss of funds or security risk, but decreases usability and monitoring.
Recommended Mitigation
Emit an event whenever a withdrawal occurs.
event FailedCreditsWithdrawn(address indexed receiver, uint256 amount);
function withdrawAllFailedCredits(address _receiver) external {
...
emit FailedCreditsWithdrawn(_receiver, amount);
}
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.