search

code-423n4 / 2021-07-spartan-findings

0 stars 0 forks source link

Missing event emit for MemberWithdraws #94

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The DAO member withdrawal is missing an emit for MemberWithdraws event. This results in lack of transparency and off-chain monitoring capability.

Proof of Concept

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L78

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L170-L174

Tools Used

Manual Analysis

Recommended Mitigation Steps

Add an emit for the event or otherwise rationalize/document why it isn’t necessary and remove the event declaration.

SamusElderg commented 3 years ago

Non-critical/subjective; however a good point is raised in regards to whether we want this more friendly to an outside event lister/subgraphs or what have you. Will discuss further

ghoul-sol commented 3 years ago

Best practices, non-critical.