Beatland Festival

AI First Flight #4

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: high

Invalid

[L-2] withdraw never emits the FundsWithdrawn event defined in the interface

altshar

Root + Impact

Description

IFestivalPass declares an FundsWithdrawn event intended to signal when the owner withdraws ETH. The withdraw function transfers the full contract balance but never emits this event. Every withdrawal goes unlogged on-chain.

// IFestivalPass.sol

event FundsWithdrawn(address indexed organizer, uint256 amount);

// FestivalPass.sol

function withdraw(address target) external onlyOwner {

// @> no emit FundsWithdrawn — event is never fired

payable(target).transfer(address(this).balance);

}

Risk

Likelihood:

This occurs on every single call to withdraw with no exceptions.

Impact:

Off-chain monitoring tools, dashboards, and accounting systems that listen for FundsWithdrawn will never detect withdrawals, creating a transparency and auditability gap.

Proof of Concept

The following confirms that after a successful withdraw call, no FundsWithdrawn event appears in the transaction logs, meaning any listener expecting this event will never receive it.

// Owner withdraws all ETH

vm.prank(owner);

festivalPass.withdraw(owner);

// No FundsWithdrawn event emitted — confirmed by checking logs

// vm.expectEmit would fail here

Recommended Mitigation

Capture the balance before the transfer so the withdrawn amount is available, transfer the funds, then emit FundsWithdrawn with the recipient address and the transferred amount.

function withdraw(address target) external onlyOwner {

+ uint256 amount = address(this).balance;

- payable(target).transfer(address(this).balance);

+ payable(target).transfer(amount);

+ emit FundsWithdrawn(target, amount);

}

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 5 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!