search

code-423n4 / 2022-01-xdefi-findings

0 stars 0 forks source link

Improper event declaration #196

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

Czar102

Vulnerability details

Impact

Proper event declaration eases off-chain monitoring.

Proof of Concept

In the case of qualitative variables, it is recommended to use indexed keyword.

Despite the uint duration argument seems to be a quantitative one, it is limited to few values, which specify the "locking mode".

Recommended Mitigation Steps

uint duration variable should be considered qualitative and be marked indexed in the following events:

event LockPeriodSet(uint256 duration, uint8 bonusMultiplier);
event LockPositionCreated(uint256 indexed tokenId, address indexed owner, uint256 amount, uint256 duration);
deluca-mike commented 2 years ago

Agreed. We will mark them indexed in both LockPeriodSet and LockPositionCreated.

deluca-mike commented 2 years ago

Fixed in release candidate contract interface for LockPeriodSet and LockPositionCreated.