Beatland Festival
AI First Flight #4
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

FundsWithdrawn event declared in IFestivalPass but never emitted in withdraw()

cybervikink

Root + Impact

Event defined in interface but omitted in implementation. Solidity does not enforce that interface-declared events are emitted, so no compiler warning is produced.

Description

IFestivalPass declares with explicit NatSpec "Emitted when the organizer withdraws collected funds":

event FundsWithdrawn(address indexed organizer, uint256 amount);

The implementation never emits it:

function withdraw(address target) external onlyOwner {
payable(target).transfer(address(this).balance); // no emit
}

Any off-chain system listening for FundsWithdrawn — subgraphs, treasury monitors, front-ends — will silently miss every withdrawal.

Risk

Likelihood:

  • Likelihood: High — missing emit on every withdrawal call

Impact:

  • Impact: Low — ETH outflows invisible to event-based monitoring, off-chain indexers, and treasury dashboards

Proof of Concept

function test_withdrawEmitsNoEvent() public {
vm.deal(address(fp), 1 ether);
vm.recordLogs();
fp.withdraw(address(this));
Vm.Log[] memory logs = vm.getRecordedLogs();
bytes32 sig = keccak256("FundsWithdrawn(address,uint256)");
for (uint i = 0; i < logs.length; i++) {
assertTrue(logs[i].topics[0] != sig);
}
// Passes — no FundsWithdrawn ever emitted
}

Recommended Mitigation

function withdraw(address target) external onlyOwner {
+ uint256 amount = address(this).balance;
payable(target).transfer(address(this).balance);
+ emit FundsWithdrawn(target, amount);
}
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 8 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!