search

code-423n4 / 2022-07-swivel-findings

0 stars 1 forks source link

QA Report #40

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Important method, missing EVENT

MarketPlace.burnZcTokenRemovingNotional() and authRedeem() need emit event like "MarketPlace.redeemZcToken()" emit event "emit RedeemZcToken(p, u, m, t, a);" ,they will burn zcToken

Recommend

  function authRedeem(uint8 p, address u, uint256 m, address f, address t, uint256 a) public authorized(markets[p][u][m].zcToken) returns (uint256 underlyingAmount) {
      ....

      if (!IZcToken(market.zcToken).burn(f, a)) { revert Exception(29, 0, 0, address(0), address(0)); }

       emit RedeemZcToken(p, u, m, f, a);   //**** add this line****/
      ....

    } else {

      if (!IZcToken(market.zcToken).burn(f, a)) { revert Exception(29, 0, 0, address(0), address(0)); }

      emit RedeemZcToken(p, u, m, f, a);   //**** add this line****/
    }
  }
  function burnZcTokenRemovingNotional(uint8 p, address u, uint256 m, address t, uint256 a) external authorized(swivel) unpaused(p) returns(bool) {
    ....

    if (!IZcToken(market.zcToken).burn(t, a)) { revert Exception(29, 0, 0, address(0), address(0)); }

    emit RedeemZcToken(p, u, m, t, a);   //**** add this line****/

   .... 
  }
robrobbins commented 2 years ago

authRedeem does emit RedeemZcToken

the addition to burnZc.... i disagree with, mintZcTokenAddingNotional for example does not have a similar event need, and would if this were the case.