The implementation emits different event structures for buy and sell operations: buy events (ReFiBought) omit fee information, while sell events (ReFiSold) include calculated values that are unused. This inconsistency creates audit trail gaps and security monitoring challenges.
Event emission is inconsistent between the buy and sell paths: ReFiBought events omit fee information, while ReFiSold events include unused calculations. This creates security monitoring gaps, regulatory compliance issues, and potential protocol manipulation vectors.
1. A malicious pool operator sets buyFee to an unusually high value (e.g., 50,000 = 5%).
2. When users perform buy swaps, the pool manager applies the fee correctly on-chain.
3. However, the emitted ReFiBought event only shows swapAmount, with no fee information.
4. Off-chain monitoring tools and auditors see trades with no fee logged, assuming fees were not applied.
5. The operator can claim "no fees were charged" while silently extracting them, creating a false audit trail.
6. Conversely, in sell swaps, the event logs a feeAmount that is not actually enforced, misleading observers into thinking fees were applied differently than reality.
Implement unified fee calculation logic for both paths
Standardize event emissions with complete fee information
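One way to apply both recommendations, as an added sketch that is not the audited contract's code: a single fee helper feeds both paths, and both events carry the same fee fields. The contract name, the event parameter layout, `_feeFor`, `_recordSwap` and `sellFee` are assumptions; the parts-per-million denominator follows from the "50,000 = 5%" figure above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only: names, parameters and layout are assumptions,
/// not the audited contract's code.
contract UnifiedFeeEvents {
    // 50,000 = 5% implies fee rates are expressed in parts per million.
    uint256 public constant FEE_DENOMINATOR = 1_000_000;

    uint24 public buyFee;
    uint24 public sellFee;

    // Both events carry identical fields so a monitor can reconcile either path.
    event ReFiBought(address indexed buyer, uint256 swapAmount, uint24 feeRate, uint256 feeAmount);
    event ReFiSold(address indexed seller, uint256 swapAmount, uint24 feeRate, uint256 feeAmount);

    constructor(uint24 _buyFee, uint24 _sellFee) {
        require(_buyFee <= FEE_DENOMINATOR && _sellFee <= FEE_DENOMINATOR, "fee too high");
        buyFee = _buyFee;
        sellFee = _sellFee;
    }

    /// Single fee calculation shared by the buy and sell paths.
    function _feeFor(uint256 swapAmount, uint24 feeRate) internal pure returns (uint256) {
        return (swapAmount * feeRate) / FEE_DENOMINATOR;
    }

    /// Hypothetical internal entry point, called once the swap direction is known.
    /// The returned feeAmount is the value the caller must enforce on the swap,
    /// so the logged fee and the charged fee cannot diverge.
    function _recordSwap(address trader, uint256 swapAmount, bool isBuy)
        internal
        returns (uint24 feeRate, uint256 feeAmount)
    {
        feeRate = isBuy ? buyFee : sellFee;
        feeAmount = _feeFor(swapAmount, feeRate);
        if (isBuy) {
            emit ReFiBought(trader, swapAmount, feeRate, feeAmount);
        } else {
            emit ReFiSold(trader, swapAmount, feeRate, feeAmount);
        }
    }
}
```

Logging `feeRate` alongside `feeAmount` lets an off-chain monitor recompute the fee from `swapAmount` and alert when the two disagree or when the rate changes unexpectedly.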