search

code-423n4 / 2022-01-trader-joe-findings

2 stars 0 forks source link

Missing event emitting #148

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

wuwe1

Vulnerability details

Impact

Off-chain tools will not work as expected.

Proof of Concept

Missing UserWithdrawn

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/LaunchEvent.sol#L132

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/LaunchEvent.sol#L372

Missing IssuingTokenDeposited

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/LaunchEvent.sol#L124

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/LaunchEvent.sol#L287

Recommended Mitigation Steps

Add emit UserWithdrawn(user, amountMinusFee) after L372

Add emit IssuingTokenDeposited(_token, balance) after L287

cryptofish7 commented 2 years ago

Should be 0.

Fix: https://github.com/traderjoe-xyz/rocket-joe/commit/3311592bf60a936a6f899fc30a70d167e0085c49

dmvt commented 2 years ago

Event issues are non-critical

0 — Non-critical (0): vulns have a risk of 0 and are considered “Non-critical” whenCode style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas-optimisations