Root + Impact

Description

• State-changing functions in smart contracts should emit events to enable off-chain indexing, frontend updates, and audit trails. The contract properly emits events for deposit() (via deposited), withdraw() (via Withdraw), and joinEvent() (via joinedEvent), establishing a pattern of event emission for user actions.

• The cancelParticipation() function modifies multiple critical state variables (stakedAsset[msg.sender], burns shares, and transfers refunds) but does not emit any event. This creates a transparency gap where cancellations are invisible to off-chain observers, making it impossible for frontends, analytics platforms, or indexers to track which users cancelled, when they cancelled, and how much they received. This inconsistency with the rest of the contract's event emission pattern hinders integration efforts and makes protocol activity incomplete in external monitoring systems.

Risk

Likelihood:

• This issue manifests whenever off-chain systems attempt to reconstruct the complete state of the protocol, particularly when frontends or analytics platforms need to display accurate participant counts, total staked amounts, or historical cancellation data.

• The impact occurs during integration and monitoring scenarios where third-party tools rely on events for indexing, but it does not affect core protocol execution or smart contract functionality.

Impact:

• Off-chain systems cannot track cancellations, leading to inaccurate displays of active participants, total stakes, and historical activity in frontends and dashboards that users rely on for decision-making.

• Audit trails become incomplete as there is no permanent on-chain record of cancellations accessible via event logs, making post-mortem analysis and debugging more difficult for developers and auditors investigating protocol behavior.

Proof of Concept

Recommended Mitigation

Provides transparency and enables complete off-chain tracking of all user actions within the protocol.