No OwnershipTransferred Event in Stratax.transferOwnership()

Description

• Unlike StrataxOracle.transferOwnership() which correctly emits an OwnershipTransferred event, the Stratax.transferOwnership() silently changes ownership with no event:

Risk

Likelihood:

• Every ownership transfer on the Stratax contract is affected

• The inconsistency with StrataxOracle suggests this was an oversight

Impact:

• Off-chain monitoring services, block explorers, and indexing services cannot detect ownership changes

• Security dashboards that track privileged role changes will miss Stratax ownership transfers

• Forensic analysis after an incident is harder without an event trail

Proof of Concept

How the issue manifests:

1. Owner calls transferOwnership(newOwner) on the Stratax contract

2. The ownership changes on-chain, but no event is emitted

3. A monitoring service watching for OwnershipTransferred events sees nothing

4. If the new owner is a compromised address, there is no on-chain record of when the transfer occurred

Expected outcome: No event is emitted, making ownership changes invisible to off-chain systems.

Recommended Mitigation

The root cause is a missing event emission in the transferOwnership function, which is already correctly implemented in the sibling contract StrataxOracle.

Primary fix — Add event emission (matching StrataxOracle pattern):

Why this works: The event provides an on-chain record of every ownership change, enabling monitoring services, block explorers, and security dashboards to track privileged role changes. The pattern is consistent with StrataxOracle and the broader Solidity ecosystem (OpenZeppelin's Ownable emits this event).