code-423n4 / 2021-11-nested-findings


Missing events for critical operations #165

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

Across the contracts, there are certain critical operations that change critical values that affect the users of the protocol.

It's a best practice for these setter functions to emit events to record these changes on-chain for off-chain monitors/tools/interfaces to register the updates and react if necessary.

Instances include:

https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L74-L76

function addOperator(bytes32 operator) external override onlyOwner {
    operators.push(operator);
}

https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L79-L86

function removeOperator(bytes32 operator) external override onlyOwner {
    uint256 i = 0;
    while (operators[i] != operator) {
        i++;
    }
    require(i > 0, "NestedFactory::removeOperator: Cant remove non-existent operator");
    delete operators[i];
}
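
The two setters with events emitted on every change, as an added example that is not part of the original report or of the Nested codebase. The contract name, the event names `OperatorAdded` and `OperatorRemoved`, the inline `onlyOwner` modifier and the bounded lookup in `removeOperator` are assumptions made so the example compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration of event-emitting setters; not the project's contract.
contract OperatorRegistryWithEvents {
    // Hypothetical event names. The operator is indexed so that off-chain
    // monitors can filter logs for one specific operator.
    event OperatorAdded(bytes32 indexed operator);
    event OperatorRemoved(bytes32 indexed operator);

    address public immutable owner;
    bytes32[] public operators;

    modifier onlyOwner() {
        require(msg.sender == owner, "OperatorRegistry: caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function addOperator(bytes32 operator) external onlyOwner {
        // Reject the zero value so it can never be confused with a deleted slot.
        require(operator != bytes32(0), "OperatorRegistry: empty operator");
        operators.push(operator);
        emit OperatorAdded(operator);
    }

    function removeOperator(bytes32 operator) external onlyOwner {
        require(operator != bytes32(0), "OperatorRegistry: empty operator");
        uint256 length = operators.length;
        // Bounded search: reverts below if the operator is not registered.
        for (uint256 i = 0; i < length; i++) {
            if (operators[i] == operator) {
                // Zeroes the slot in place, like the `delete` in the snippet above.
                delete operators[i];
                emit OperatorRemoved(operator);
                return;
            }
        }
        revert("OperatorRegistry: operator not registered");
    }
}
```

Each event is emitted only after the state change has succeeded, so a log entry always corresponds to a change that took effect.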

maximebrugel commented 2 years ago

Duplicated: #42