code-423n4 / 2021-11-vader-findings

0 stars 0 forks source link

`LinearVesting` missing events #225

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

elprofesor

Vulnerability details

Impact

LinearVesting.sol is missing suitable events in the vestFor() function which limits ability to track transaction events from web3 and other offchain processes.

Proof of Concept

https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/tokens/vesting/LinearVesting.sol#L214-L225

Recommended Mitigation Steps

Add suitable event

SamSteinGG commented 2 years ago

Event based findings should not constitute a low risk.

alcueca commented 2 years ago

Agree with sponsor.