search

code-423n4 / 2021-12-defiprotocol-findings

0 stars 0 forks source link

Critical operations should emit events #112

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

Across the contracts, there are certain critical operations that change critical values that affect the users of the protocol.

It's a best practice for these setter functions to emit events to record these changes on-chain for off-chain monitors/tools/interfaces to register the updates and react if necessary.

Instances include:

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Factory.sol#L40-L42

    function setMinLicenseFee(uint256 newMinLicenseFee) public override onlyOwner {
        minLicenseFee = newMinLicenseFee;
    }

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Factory.sol#L44-L46

    function setAuctionDecrement(uint256 newAuctionDecrement) public override onlyOwner {
        auctionDecrement = newAuctionDecrement;
    }

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Factory.sol#L48-L50

    function setAuctionMultiplier(uint256 newAuctionMultiplier) public override onlyOwner {
        auctionMultiplier = newAuctionMultiplier;
    }

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Factory.sol#L52-L55

    function setBondPercentDiv(uint256 newBondPercentDiv) public override onlyOwner {
        require(newBondPercentDiv > 0);
        bondPercentDiv = newBondPercentDiv;
    }

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Factory.sol#L57-L61

    function setOwnerSplit(uint256 newOwnerSplit) public override onlyOwner {
        require(newOwnerSplit <= 2e17); // 20%

        ownerSplit = newOwnerSplit;
    }

https://github.com/code-423n4/2021-12-defiprotocol/blob/205d3766044171e325df6a8bf2e79b37856eece1/contracts/contracts/Auction.sol#L45-L47

    function killAuction() onlyBasket public override {
        auctionOngoing = false;
    }