Stratax Contracts
First Flight #57
Beginner FriendlyDeFi
100 EXP
View all submissions
Previous Next
Submission Details
Impact: low
Likelihood: low

Missing Event Emission on Ownership Transfer Reduces Administrative Traceability

Author Revealed upon completion

Missing Event Emission on Ownership Transfer Reduces Administrative Traceability

Description:
The Stratax::transferOwnership function updates the owner state variable but does not emit an event to signal this critical administrative change:

function transferOwnership(address _newOwner) external onlyOwner {
require(_newOwner != address(0), "Invalid address");
owner = _newOwner;
}

Ownership changes are highly sensitive operations that should always be observable by off-chain systems. Without an event, it becomes difficult for indexers, monitoring tools, and auditors to track when control of the contract has changed.

Impact:
Low. No direct security risk, but:

  • Reduces transparency of privileged operations

  • Makes ownership changes harder to monitor or audit

  • Can delay detection of unauthorized or accidental transfers in operational environments

Recommended Mitigation:
Emit an event including both the previous and new owner.

+ event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
function transferOwnership(address _newOwner) external onlyOwner {
require(_newOwner != address(0), "Invalid address");
+ address oldOwner = owner;
owner = _newOwner;
+ emit OwnershipTransferred(oldOwner, _newOwner);
}

This aligns with common best practices (e.g., OpenZeppelin’s Ownable) and improves observability of privileged state transitions.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!