Stratax Contracts
First Flight #57
Beginner FriendlyDeFi
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

Missing Event Emission on Ownership Transfer Reduces Administrative Traceability

sbb

Missing Event Emission on Ownership Transfer Reduces Administrative Traceability

Description:
The Stratax::transferOwnership function updates the owner state variable but does not emit an event to signal this critical administrative change:

function transferOwnership(address _newOwner) external onlyOwner {
require(_newOwner != address(0), "Invalid address");
owner = _newOwner;
}

Ownership changes are highly sensitive operations that should always be observable by off-chain systems. Without an event, it becomes difficult for indexers, monitoring tools, and auditors to track when control of the contract has changed.

Impact:
Low. No direct security risk, but:

  • Reduces transparency of privileged operations

  • Makes ownership changes harder to monitor or audit

  • Can delay detection of unauthorized or accidental transfers in operational environments

Recommended Mitigation:
Emit an event including both the previous and new owner.

+ event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
function transferOwnership(address _newOwner) external onlyOwner {
require(_newOwner != address(0), "Invalid address");
+ address oldOwner = owner;
owner = _newOwner;
+ emit OwnershipTransferred(oldOwner, _newOwner);
}

This aligns with common best practices (e.g., OpenZeppelin’s Ownable) and improves observability of privileged state transitions.

Updates

Lead Judging Commences

izuman Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

No Event Emission for State Changes

No events emitted for on-chain state changes for off-chain observability

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!