Unused `MerkleRootUpdated` Event in `MerkleAirdrop`
Unused MerkleRootUpdated Event in MerkleAirdrop
Description
MerkleAirdrop declares the following event:
However, this event is never emitted anywhere in the contract.
At the same time, i_merkleRoot is immutable and there is no function that updates the Merkle root, so this event is currently dead code.
Keeping unused events in production contracts can create confusion for integrators and auditors, because it implies behavior (root updates) that does not actually exist.
Risk
Likelihood: High
The issue is definitely present in the current codebase: the event exists but has no emit path.
Impact: Low
This does not create direct fund-loss risk or privilege escalation. The impact is limited to code clarity, maintainability, and potential monitoring/indexing confusion.
Proof of Concept
Static check confirms the event is declared once and never emitted:
Output:
No emit MerkleRootUpdated(...) usage is found.
Thus, the finding is confirmed: the event is unused.
Recommended Mitigation
Remove the unused event declaration to keep the contract interface minimal and accurate.
If Merkle root rotation is planned in future versions, keep the event only when a real root-update flow is implemented and emits it.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.