RebateFi Hook
First Flight #53
Beginner FriendlyDeFi
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect parameters in the event `TokensWithdrawn`

iamgeorgi

Incorrectly passed parameters result in emitting misleading or inaccurate event data

Description

  • Normal **behavior - **In RebateFiHook.solwhen the owner wants to withdraw tokens from the contract via the withdrawTokens function an event should be emitted in that order : address indexed token, address indexed to, uint256 amount.

  • Issue - The order of the parameters is wrong and it can lead to inaccurate logs.

function withdrawTokens(address token, address to, uint256 amount) external onlyOwner {
IERC20(token).transfer(to, amount);
@> emit TokensWithdrawn(to, token , amount);
}

Risk

Likelihood:

  • High likelihood because every time user wants to withdraw tokens this event is going to be emitted with the wrong parameters

Impact:

  • Misleading information

  • Inaccurate data could cause serious issues if an off-chain monitoring system relies on these events at some point in the future.


Proof of Concept

N/A

event TokensWithdrawn(address indexed token, address indexed to, uint256 amount);

Recommended Mitigation

Update RebateFiHook.sol. by using the correct order of the parameteres.

function withdrawTokens(address token, address to, uint256 amount) external onlyOwner {
IERC20(token).transfer(to, amount);
- emit TokensWithdrawn(to, token , amount);
+ emit TokensWithdrawn(token,to,amount);
}
Updates

Lead Judging Commences

chaossr Lead Judge 11 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Swapped token and to parameters in TokensWithdrawn event.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!