BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

Missing event emission in `cancelParticipation` function

valya

Root + Impact

Description

  • The cancelParticipation function updates BriVault contract's state: amount of stakedAsset and a balance of shares for the msg.sender, but no event is emitted. This omission reduces the transparency and traceability of these operations, which can hinder off-chain monitoring.

function cancelParticipation() public {
if (block.timestamp >= eventStartDate) {
revert eventStarted();
}
uint256 refundAmount = stakedAsset[msg.sender];
@> stakedAsset[msg.sender] = 0;
uint256 shares = balanceOf(msg.sender);
@> _burn(msg.sender, shares);
IERC20(asset()).safeTransfer(msg.sender, refundAmount);
}

Risk

Likelihood: HIGH

  • The issue occurs every time the cancelParticipation function is called.

Impact: LOW

  • The absence of event emissions can lead to reduced transparency and traceability of important state changes within the smart contract ecosystem.

Proof of Concept

Manual review shows that the event emission is absent in the code of the cancelParticipation function.

Recommended Mitigation

It is recommended to add an event and emit it once the contract's state is updated in cancelParticipation function

+event ParticipationCanceled(address user, uint256 refundAmount, uint256 sharesBurned);
function cancelParticipation() public {
if (block.timestamp >= eventStartDate) {
revert eventStarted();
}
uint256 refundAmount = stakedAsset[msg.sender];
stakedAsset[msg.sender] = 0;
uint256 shares = balanceOf(msg.sender);
_burn(msg.sender, shares);
IERC20(asset()).safeTransfer(msg.sender, refundAmount);
+ emit ParticipationCanceled();
}
Updates

Appeal created

bube Lead Judge 20 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!