Root + Impact
Description
The protocol does not emit events for critical state changes, which makes protocol activity difficult to track off-chain. Missing events include CRED token minting, NFT ownership transfers, and staking reward distributions.
The mint function below, like the other state-changing operations, emits no event, which prevents off-chain monitoring and historical analysis of protocol activity.
@> public(friend) fun mint(
@>     module_owner: &signer,
@>     to: address,
@>     amount: u64
@> ) acquires CredCapabilities {
@>     let caps = borrow_global<CredCapabilities>(signer::address_of(module_owner));
@>     let coins = coin::mint<CRED>(amount, &caps.mint_cap);
@>     if (coin::is_account_registered<CRED>(to)) {
@>         coin::deposit(to, coins);
@>     } else {
@>         coin::destroy_zero(coins);
@>     };
@> }
Risk
Likelihood:
Impact:
- Difficult off-chain tracking and monitoring 
- Limited historical analysis capabilities 
- Reduced transparency for users and auditors 
Proof of Concept
This PoC demonstrates the lack of event emission across critical operations:
cred_token::mint(&module_owner, user_address, 1000);
one_shot::mint_rapper(&module_owner, user_address);
streets::stake(&user, token_object);
rap_battle::go_on_stage_or_battle(&user, token, 100);
Recommended Mitigation
The mitigation adds comprehensive event emission for all critical operations:
+ #[event]
+ struct MintEvent has drop, store {
+     to: address,
+     amount: u64,
+     timestamp: u64,
+ }
+ 
+ #[event]
+ struct StakedEvent has drop, store {
+     owner: address,
+     token_id: address,
+     start_time: u64,
+     bet_amount: u64,
+ }
+ 
+ #[event]
+ struct BattleResultEvent has drop, store {
+     defender: address,
+     challenger: address,
+     winner: address,
+     prize_amount: u64,
+     timestamp: u64,
+ }
+ 
  public(friend) fun mint(
      module_owner: &signer,
      to: address,
      amount: u64
  ) acquires CredCapabilities {
      let caps = borrow_global<CredCapabilities>(signer::address_of(module_owner));
      let coins = coin::mint<CRED>(amount, &caps.mint_cap);
+     event::emit(MintEvent { to, amount, timestamp: timestamp::now_seconds() });
+     
      if (coin::is_account_registered<CRED>(to)) {
          coin::deposit(to, coins);
      } else {
          coin::destroy_zero(coins);
      };
  }
+ 
+ // Add similar events for all state-changing operations
+ // streets::stake() -> emit StakedEvent
+ // streets::unstake() -> emit UnstakedEvent with rewards
+ // rap_battle::go_on_stage_or_battle() -> emit BattleResultEvent
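Review bot: In the patched mint, event::emit(MintEvent { ... }) sits before the if/else, so the event is recorded on both paths, including the else branch where the recipient is not registered and nothing is deposited; move the emit inside the coin::deposit branch so that a MintEvent always corresponds to a credited balance. The hunk also calls event::emit and timestamp::now_seconds without showing the matching use declarations, and the closing comments name an UnstakedEvent that no struct in the patch defines. Since a Move struct can only be constructed in the module that declares it, StakedEvent and BattleResultEvent need to be declared in streets and rap_battle respectively rather than beside MintEvent.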
This mitigation adds comprehensive event logging that enables off-chain monitoring, historical analysis, and improved transparency for all protocol operations.
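What the MintEvent from the mitigation makes possible off-chain, as an added example that is not part of the original report or the project's code: a consumer that validates MintEvent records and reconciles them against the change in CRED supply. The module address 0xCAFE, the JSON layout (u64 fields as decimal strings), the function names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

MINT_EVENT_TYPE = "0xCAFE::cred_token::MintEvent"  # placeholder address (assumption)
U64_MAX = 2**64 - 1

SAMPLE_EVENTS = [  # constructed records, fields follow the structs in the mitigation
    {"type": MINT_EVENT_TYPE, "data": {"to": "0xa1", "amount": "1000", "timestamp": "1700000000"}},
    {"type": "0xCAFE::streets::StakedEvent",
     "data": {"owner": "0xa1", "token_id": "0xb0", "start_time": "1700000050", "bet_amount": "0"}},
    {"type": MINT_EVENT_TYPE, "data": {"to": "0xa2", "amount": "250", "timestamp": "1700000100"}},
    {"type": MINT_EVENT_TYPE, "data": {"to": "0xa1", "amount": "500", "timestamp": "1700000200"}},
    {"type": MINT_EVENT_TYPE, "data": {"to": "0xa3", "amount": "-5", "timestamp": "1700000300"}},
]

def parse_mint(event):
    """Return (to, amount, timestamp) for a well-formed MintEvent, else None."""
    if event.get("type") != MINT_EVENT_TYPE:
        return None
    data = event.get("data", {})
    try:
        to = data["to"]
        amount, ts = int(data["amount"]), int(data["timestamp"])
    except (KeyError, TypeError, ValueError):
        return None
    # Both numeric fields are u64 on-chain; anything outside that range is malformed.
    if not (isinstance(to, str) and 0 <= amount <= U64_MAX and 0 <= ts <= U64_MAX):
        return None
    return to, amount, ts

def summarize_mints(events):
    """Total CRED minted per recipient, plus MintEvent records that failed validation."""
    per_recipient, rejected = defaultdict(int), []
    for ev in events:
        parsed = parse_mint(ev)
        if parsed:
            per_recipient[parsed[0]] += parsed[1]
        elif ev.get("type") == MINT_EVENT_TYPE:
            rejected.append(ev)  # keep for investigation instead of dropping silently
    return dict(per_recipient), rejected

def unexplained_supply(events, supply_before, supply_after):
    """Supply growth not covered by MintEvent records (assumes no burns in the window)."""
    per_recipient, _ = summarize_mints(events)
    return (supply_after - supply_before) - sum(per_recipient.values())
```

A non-zero result from `unexplained_supply` points at a mint path that emits no event, or at events that do not correspond to credited balances.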