code-423n4 / 2021-11-nested-findings


Event needs to be emitted in the Operator module #192

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hubble

Vulnerability details

No events are emitted in the current operators module function commitAndRevert.

The interactions that are defined to be common to all operators: commit and revert.
But while calling/executing the two selectors, we don't know if a commit was executed or a revert.

In the current implementation of the two Operators, like 0x Swap and Flat, it may not make much sense, but in future when new operators are defined, it will be required to make a distinction if it was a commit or a revert.
Hence, appropriate emit events for commit and revert are required.

Impact

From a design perspective and future consistency, the impact is more.

Proof of Concept

Refer to ZeroExOperator.sol and FlatOperator.sol contract function commitAndRevert

Tools Used

Manual review

Recommended Mitigation Steps

Include emit events for commit and revert in the Operator module.
It may be required to split the current common function commitAndRevert to separate ones.

maximebrugel commented 2 years ago

The operators are modules to add logic and are called via delegatecall. It doesn't make sense to emit an event in this situation. We already have events once the NFT is created or updated.

alcueca commented 2 years ago

Dispute accepted.