Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

[L-6] - The `BidBeastsNFTMarket::withdrawFee` function should emit the `FeeWithdrawn` event after it alters storage variables.

Root + Impact

[L-6] - The BidBeastsNFTMarket::withdrawFee function should emit the FeeWithdrawn event after it alters storage variables.

Description

The withdrawFee function allows the owner to withdraw the total fees accrued from the protocol's sales. However, the FeeWithdrawn event is emitted at the end of the function's logic, whereas it should be emitted when the storage variable is altered.

Risk

Likelihood: Low.

Impact: Low.

Proof of Concept

This is the actual code of the withdrawFee function, where the FeeWithdrawn event is emitted after the _payout call, not after the storage is altered at s_totalFee = 0:

function withdrawFee() external onlyOwner {
    uint256 feeToWithdraw = s_totalFee;
    require(feeToWithdraw > 0, "No fees to withdraw");
    s_totalFee = 0;
    _payout(owner(), feeToWithdraw);
@>  emit FeeWithdrawn(feeToWithdraw);
}
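
To show what the position of the emit changes in the transaction logs, here is a Foundry test added as an example; it is not code from the BidBeasts repository or from this submission. FeeVault, LoggingOwner, the emitBeforePayout flag and the reverting _payout are constructed stand-ins, since the real _payout is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test, Vm} from "forge-std/Test.sol";

// Constructed stand-in for the market's fee path; this _payout is hypothetical
// (plain call that reverts on failure), the real one is not shown on the page.
contract FeeVault {
    event FeeWithdrawn(uint256 amount);
    address public immutable owner;
    uint256 public s_totalFee;
    constructor(address _owner) payable { owner = _owner; s_totalFee = msg.value; }
    function withdrawFee(bool emitBeforePayout) external {
        require(msg.sender == owner, "not owner");
        uint256 feeToWithdraw = s_totalFee;
        require(feeToWithdraw > 0, "No fees to withdraw");
        s_totalFee = 0;
        if (emitBeforePayout) emit FeeWithdrawn(feeToWithdraw); // mitigation order
        _payout(owner, feeToWithdraw);
        if (!emitBeforePayout) emit FeeWithdrawn(feeToWithdraw); // current order
    }
    function _payout(address to, uint256 amount) internal {
        (bool ok,) = payable(to).call{value: amount}("");
        require(ok, "payout failed");
    }
}

// Owner that logs on receipt, so the two orderings are distinguishable in the logs.
contract LoggingOwner {
    event Received(uint256 amount);
    FeeVault public vault;
    constructor() payable { vault = new FeeVault{value: msg.value}(address(this)); }
    function pull(bool early) external { vault.withdrawFee(early); }
    receive() external payable { emit Received(msg.value); }
}

contract EventOrderTest is Test {
    // Returns topic0 of the first log emitted during one withdrawal.
    function _firstTopic(bool early) internal returns (bytes32) {
        LoggingOwner o = new LoggingOwner{value: 1 ether}();
        vm.recordLogs();
        o.pull(early);
        Vm.Log[] memory logs = vm.getRecordedLogs();
        assertEq(logs.length, 2); // both events land in either ordering
        return logs[0].topics[0];
    }
    function test_emitPlacementOnlyChangesLogOrder() public {
        assertEq(_firstTopic(false), keccak256("Received(uint256)"));
        assertEq(_firstTopic(true), keccak256("FeeWithdrawn(uint256)"));
    }
}
```

Run it with `forge test` in a project that has forge-std installed.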

Recommended Mitigation

Consider always emitting events after sensitive changes take place to facilitate tracking and notify off-chain clients that follow the protocol's contracts' activity.

function withdrawFee() external onlyOwner {
uint256 feeToWithdraw = s_totalFee;
require(feeToWithdraw > 0, "No fees to withdraw");
s_totalFee = 0;
+ emit FeeWithdrawn(feeToWithdraw);
_payout(owner(), feeToWithdraw);
- emit FeeWithdrawn(feeToWithdraw);
}
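
Review bot: on the added `+ emit FeeWithdrawn(feeToWithdraw);` line, the event is now logged before `_payout(owner(), feeToWithdraw)` has been attempted, so the log reads as "fee balance cleared" rather than "fee delivered". `_payout` is not visible in this hunk, so confirm how it behaves on a failed transfer and add a short comment above the emit stating which meaning off-chain consumers should rely on. The storage write `s_totalFee = 0` already precedes the external call in both versions, so the reorder affects only the position of the event in the logs.
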
Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
