Santa's List

AI First Flight #3

Beginner FriendlyFoundry

EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

CheckedOnce/CheckedTwice events do not index the person, degrading off-chain list tracking

sub99

CheckedOnce/CheckedTwice events do not index the person, making per-address filtering require a full log scan

Description

The CheckedOnce and CheckedTwice events emit person as a non-indexed parameter, so off-chain consumers cannot filter logs by a specific address and must scan and decode every event.

// SantasList.sol:93

event CheckedOnce(address person, Status status); // @> person not indexed

event CheckedTwice(address person, Status status); // @> person not indexed

Risk

Likelihood: Low

This affects only off-chain indexing efficiency. It manifests whenever a consumer needs status updates for a particular address, which is a common access pattern for a per-person list.

Impact: Low

Without an indexed topic, dapps and indexers cannot subscribe to a single address's updates and must pull and parse the entire event history, increasing query cost and latency. No on-chain funds or logic are affected.

Proof of Concept

A log query filtered by person topic returns nothing because the field is not indexed; only an unfiltered scan works.

function test_personNotFilterableByTopic() public {

// vm.expectEmit(true, false, false, true) would fail to match on `person`

// since `person` occupies the data section, not topic1

vm.recordLogs();

vm.prank(santa);

santasList.checkList(victim, SantasList.Status.NICE);

// entries[0].topics has only the event signature; person is in `data`

}

Recommended Mitigation

Index the person parameter on both events.

- event CheckedOnce(address person, Status status);

- event CheckedTwice(address person, Status status);

+ event CheckedOnce(address indexed person, Status status);

+ event CheckedTwice(address indexed person, Status status);

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!