Open code423n4 opened 3 years ago
Handle
0xRajeev
Vulnerability details
Impact
The DAO member withdrawal is missing an emit for the MemberWithdraws event. This results in a lack of transparency and off-chain monitoring capability.
Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L78
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L170-L174
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add an emit for the event or otherwise rationalize/document why it isn’t necessary and remove the event declaration.
Non-critical/subjective; however, a good point is raised with regard to whether we want this more friendly to an outside event listener/subgraphs or what have you. Will discuss further.
Best practices, non-critical.
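An added example, not part of the original issue or of the Spartan code base: a small source-level check that flags events a contract declares but never emits, the pattern this finding reports. The sample contract is constructed for illustration; its event parameters, the `MemberDeposits` event and the function bodies are assumptions, not the contents of Dao.sol.

```python
import re

# Constructed sample, not the Spartan Dao.sol source: the event parameters
# and function bodies are assumptions made for illustration.
SAMPLE_SOL = """
contract Dao {
    event MemberDeposits(address indexed member, uint256 amount);
    event MemberWithdraws(address indexed member, uint256 amount);
    mapping(address => uint256) balances;

    function deposit(uint256 amount) external {
        balances[msg.sender] += amount;
        emit MemberDeposits(msg.sender, amount);
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        // emit MemberWithdraws(msg.sender, amount);
    }
}
"""

COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
EVENT_DECL = re.compile(r"\bevent\s+([A-Za-z_$][\w$]*)\s*\(")
EMIT_STMT = re.compile(r"\bemit\s+(?:[A-Za-z_$][\w$]*\s*\.\s*)*([A-Za-z_$][\w$]*)\s*\(")


def strip_comments(source: str) -> str:
    """Drop // and /* */ comments (keeping line breaks) so a commented-out emit is not counted."""
    return COMMENTS.sub(lambda m: "\n" * m.group(0).count("\n"), source)


def unemitted_events(source: str) -> list[tuple[str, int]]:
    """Return (event name, declaration line) for events never emitted in source."""
    code = strip_comments(source)
    emitted = {m.group(1) for m in EMIT_STMT.finditer(code)}
    findings = []
    for m in EVENT_DECL.finditer(code):
        if m.group(1) not in emitted:
            findings.append((m.group(1), code.count("\n", 0, m.start()) + 1))
    return findings


if __name__ == "__main__":
    for name, line in unemitted_events(SAMPLE_SOL):
        print(f"line {line}: event {name} is declared but never emitted")
```

This is a text heuristic for a single file: it does not follow inheritance or imports, and a `//` inside a string literal is treated as a comment.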