BriVault

First Flight #52

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: medium

Invalid

Insufficient Event Transparency

drmanhattan852

[L-2] Insufficient Event Transparency

Description

The contract emits limited events that don't provide full transparency for critical operations, especially for setWinner which determines the outcome of the tournament.

function setWinner(uint256 countryIndex) public onlyOwner returns (string memory) {

// ...

emit WinnerSet(winner);

// ...

}

Risk

Likelihood:

The contract always emits minimal events with incomplete information during critical operations
Events lack crucial context data needed for external verification and monitoring

Impact:

External systems have insufficient information to accurately track and verify winner selection
Users can't independently verify key parameters like prize pool or winning share distribution

Proof of Concept

Owner sets a team as winner and emits only the team name in the event. External monitoring systems and users cannot easily verify the country index or prize pool size.

// Owner sets a winner

vault.setWinner(5);

// Event only contains winner name

// Missing critical information like:

// - Total winning shares

// - Prize pool size

// - Country index

Recommended Mitigation

Enhance event emissions with comprehensive contextual data. Update the WinnerSet event to include the country index, total winning shares, and prize pool size. Similarly enhance other critical events to provide complete transparency for all state-changing operations.

function setWinner(uint256 countryIndex) public onlyOwner returns (string memory) {

// [existing code]

emit WinnerSet(winner, countryIndex, totalWinnerShares, finalizedVaultAsset);

// ...

}

// Update event definition

event WinnerSet(string winnerCountry, uint256 indexed countryIndex, uint256 totalWinningShares, uint256 prizePool);

Updates

Appeal created

bube Lead Judge 19 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

193

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!