Stratax Contracts
First Flight #57
Beginner FriendlyDeFi
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

Missing Event Emission on Ownership Transfer Reduces Administrative Traceability

sbb

Missing Event Emission on Ownership Transfer Reduces Administrative Traceability

Description:
The Stratax::transferOwnership function updates the owner state variable but does not emit an event to signal this critical administrative change:

function transferOwnership(address _newOwner) external onlyOwner {
require(_newOwner != address(0), "Invalid address");
owner = _newOwner;
}

Ownership changes are highly sensitive operations that should always be observable by off-chain systems. Without an event, it becomes difficult for indexers, monitoring tools, and auditors to track when control of the contract has changed.

Impact:
Low. No direct security risk, but:

  • Reduces transparency of privileged operations

  • Makes ownership changes harder to monitor or audit

  • Can delay detection of unauthorized or accidental transfers in operational environments

Recommended Mitigation:
Emit an event including both the previous and new owner.

+ event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
function transferOwnership(address _newOwner) external onlyOwner {
require(_newOwner != address(0), "Invalid address");
+ address oldOwner = owner;
owner = _newOwner;
+ emit OwnershipTransferred(oldOwner, _newOwner);
}

This aligns with common best practices (e.g., OpenZeppelin’s Ownable) and improves observability of privileged state transitions.

Updates

Lead Judging Commences

izuman Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

No Event Emission for State Changes

No events emitted for on-chain state changes for off-chain observability

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!