Submission Details
Impact:
Likelihood:
Missing Events for Critical State Changes
Description
The contract fails to emit events when fee parameters are modified, making off-chain monitoring, analytics, and user notification impossible. This lack of transparency undermines trust and makes the protocol difficult to integrate with external systems.
function ChangeFee(bool _isBuyFee, uint24 _buyFee, bool _isSellFee, uint24 _sellFee) external onlyOwner {
if(_isBuyFee) buyFee = _buyFee; // No event emitted
if(_isSellFee) sellFee = _sellFee; // No event emitted
}
Risk
Impact:
-
Difficult to track fee changes off-chain
-
Reduced transparency for users
-
Harder to monitor contract activity
Proof of Concept
Add the following to `RebateFiHookTest.t.sol`
function test_NoEventOnFeeChange() public {
rebateHook.ChangeFee(true, 1000, true, 4000);
(uint24 buyFee, uint24 sellFee) = rebateHook.getFeeConfig();
assertEq(buyFee, 1000);
assertEq(sellFee, 4000);
// No events emitted to track these changes
}
Recommended Mitigation
+ event FeesChanged(uint24 buyFee, uint24 sellFee);
function ChangeFee(bool _isBuyFee, uint24 _buyFee, bool _isSellFee, uint24 _sellFee) external onlyOwner {
if(_isBuyFee) buyFee = _buyFee;
if(_isSellFee) sellFee = _sellFee;
+ emit FeesChanged(buyFee, sellFee);
}
Rewards breakdown
nSLOC
150This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.