RebateFi Hook

First Flight #53
Beginner Friendly, DeFi
100 EXP
Submission Details
Severity: low
Valid

Event parameters swapped on `TokensWithdrawn`

Root + Impact

Description

  • The withdrawTokens() function lets the owner withdraw tokens and emits a TokensWithdrawn event to track withdrawals

  • The event declaration defines the parameters as (token, to, amount) but the function emits them in the order (to, token, amount), switching the first two parameters

event TokensWithdrawn(address indexed token, address indexed to, uint256 amount);

function withdrawTokens(address token, address to, uint256 amount) external onlyOwner {
    IERC20(token).transfer(to, amount);
@>  emit TokensWithdrawn(to, token, amount); // Parameters swapped
}

Risk

Likelihood:

  • Each call to withdrawTokens() emits wrong event data

  • Event indexers will store incorrect mappings

Impact:

  • Tracking systems will associate withdrawals with wrong token addresses

  • Monitoring dashboards will display incorrect data
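
The indexing impact listed above, as an added example (not code from the submission or the RebateFi project): an indexer decodes the log with the declared ABI, and a cross-check against the ERC-20 `Transfer` log from the same call flags the swap. It assumes the token emits a standard `Transfer` log from its own address; the addresses are constructed and the signature strings stand in for the keccak256 topic hashes.

```python
# Constructed sample values (not taken from the page or any deployment).
HOOK = "0x" + "aa" * 20
TOKEN = "0x" + "11" * 20
RECIPIENT = "0x" + "be" * 20
SIG_WITHDRAWN = "TokensWithdrawn(address,address,uint256)"  # assumption: stands in for topic0
SIG_TRANSFER = "Transfer(address,address,uint256)"  # assumption: stands in for topic0


def topic(addr):
    """Encode an indexed address as a 32-byte, left-padded topic."""
    return "0x" + "00" * 12 + addr[2:]


def addr_from_topic(t):
    """Recover the 20-byte address from a 32-byte topic."""
    return "0x" + t[-40:]


def make_receipt(first, second, amount):
    """Logs of one withdrawTokens() call: the token's Transfer, then the hook's event."""
    data = "0x" + format(amount, "064x")
    return [
        {"address": TOKEN, "topics": [SIG_TRANSFER, topic(HOOK), topic(RECIPIENT)], "data": data},
        {"address": HOOK, "topics": [SIG_WITHDRAWN, topic(first), topic(second)], "data": data},
    ]


def decode_withdrawn(log):
    """Decode per the declared ABI: topics[1] is token, topics[2] is to."""
    return {"token": addr_from_topic(log["topics"][1]),
            "to": addr_from_topic(log["topics"][2]),
            "amount": int(log["data"], 16)}


def check_receipt(logs):
    """Decode the hook's event and cross-check it against the Transfer log."""
    ev = decode_withdrawn(next(l for l in logs if l["address"] == HOOK and l["topics"][0] == SIG_WITHDRAWN))
    consistent = any(
        l["topics"][0] == SIG_TRANSFER
        and l["address"] == ev["token"]  # a Transfer log is emitted by the token itself
        and addr_from_topic(l["topics"][1]) == HOOK
        and addr_from_topic(l["topics"][2]) == ev["to"]
        and int(l["data"], 16) == ev["amount"]
        for l in logs)
    return ev, consistent


buggy = check_receipt(make_receipt(RECIPIENT, TOKEN, 100 * 10**18))  # emitted as (to, token, amount)
fixed = check_receipt(make_receipt(TOKEN, RECIPIENT, 100 * 10**18))  # emitted as (token, to, amount)
```

With the swapped emit, the decoded `token` field holds the recipient address and the cross-check fails; with the corrected order both logs agree.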

Proof of Concept

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

import {Test} from "forge-std/Test.sol";
// Assumption: forge-std's MockERC20 (no constructor arguments); the submission
// does not show which mock it used.
import {MockERC20} from "forge-std/mocks/MockERC20.sol";
import {IPoolManager} from "v4-core/interfaces/IPoolManager.sol";
import {ReFiSwapRebateHook} from "../src/RebateFiHook.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract EventParameterSwapTest is Test {
    ReFiSwapRebateHook hook;
    address refiToken;
    address recipient = address(0xBEEF);

    // Same declaration as in the hook: (token, to, amount)
    event TokensWithdrawn(address indexed token, address indexed to, uint256 amount);

    function setUp() public {
        refiToken = address(new MockERC20());
        IPoolManager poolManager = IPoolManager(address(0x789));
        hook = new ReFiSwapRebateHook(poolManager, refiToken);
        // Give hook some tokens to withdraw
        deal(refiToken, address(hook), 1000e18);
    }

    function testEventParametersSwapped() public {
        // Check both indexed topics and the data; the expectation below only
        // matches because the hook emits (to, token, amount).
        vm.expectEmit(true, true, false, true);
        emit TokensWithdrawn(recipient, refiToken, 100e18); // Swapped order
        hook.withdrawTokens(refiToken, recipient, 100e18);
    }

    function testOffChainIndexingBroken() public {
        // The emitted log carries the recipient in the `token` topic and the
        // token in the `to` topic.
        hook.withdrawTokens(refiToken, recipient, 100e18);
    }
}

Recommended Mitigation

function withdrawTokens(address token, address to, uint256 amount) external onlyOwner {
IERC20(token).transfer(to, amount);
- emit TokensWithdrawn(to, token, amount);
+ emit TokensWithdrawn(token, to, amount);
}
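
Review bot: The context line `IERC20(token).transfer(to, amount);` discards the boolean return value, so even with the corrected emit order the function can log `TokensWithdrawn` for a transfer that returned false without reverting; consider OpenZeppelin's `SafeERC20.safeTransfer` or a `require` on the result. It would also help to ship a test with this change that expects `TokensWithdrawn(token, to, amount)` in the declared order, so the swap cannot return unnoticed.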

Updates

Lead Judging Commences

chaossr Lead Judge 11 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Swapped token and to parameters in TokensWithdrawn event.
