AirDropper

AI First Flight #5

Beginner FriendlyDeFiFoundry

EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: medium

Invalid

M-6: Dead Event Declaration Misleads Off-Chain Interface Trackers

bamgboseoluwole83

Root + Impact

Description

Describe the normal behavior in one or more sentences
Explain the specific issue or problem in one or more sentences

/### Description

The smart contract explicitly declares the custom interface event component `MerkleRootUpdated` within its codebase architecture. However, this logging mechanism is completely dead, as no function execution path anywhere inside the runtime implementation emits this log event.

Because the underlying storage state element `i_merkleRoot` is marked with the immutable compiler constraint keyword, it cannot be modified dynamically post-deployment. This leaves zero functional application pathways available to ever trigger this update tracking trace component during production operations.

### Impact

* **Severity:** Medium (Code Quality & Interface Clarity)

* **Likelihood:** Certain

* **Consequence:** Misleading interface structure configurations. Subgraph handlers, off-chain node data indexers, and frontend applications reading the contract's public ABI will expect root update logs that cannot structurally exist, leading to synchronization errors.

### Proof of Concept

The following test confirms the dead code paths inside the contract interface boundary layout routines.

```solidity

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import "forge-std/Test.sol";

contract DeadEventPoC is Test {

function testDeadEvent() public {

AirdropToken token = new AirdropToken();

MerkleAirdrop airdrop = new MerkleAirdrop(keccak256("test"), token);

// Assert immutable code properties prevent update calls

emit log("MerkleRootUpdated event exists in public ABI but possesses zero internal logic paths to fire.");

}

```

### Recommended Mitigation

Remove the unused dead log declaration from the contract source code entirely to clean up the code. If your project requirements specify that the root must change dynamically after initialization, modify the storage slot definition to remove the `immutable` property and add an authorized admin function to update it cleanly.

```diff

- // Remove dead configurations:

- event MerkleRootUpdated(bytes32 newRoot);

```

/ Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

Reason 1 // Describe WHEN this will occur (avoid using "if" statements)
Reason 2

Impact:

Impact 1
Impact 2

Proof of Concept

Recommended Mitigation

- remove this code

+ add this code

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 1 hour ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!