Closed c4-bot-10 closed 6 months ago
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseLending.sol#L600-L628
Event is currently being emitted before the transfer has occured. This leads to misinformation of critical parameters
Misinformation of events for critical parameters
Manual Review
function solelyDeposit( uint256 _nftId, address _poolToken, uint256 _amount ) public syncPool(_poolToken) { _handleSolelyDeposit(msg.sender, _nftId, _poolToken, _amount); _emitFundsSolelyDeposited(msg.sender, _nftId, _poolToken, _amount); _safeTransferFrom(_poolToken, msg.sender, address(this), _amount); }
Function should emit event after safe transfer
function solelyDeposit( uint256 _nftId, address _poolToken, uint256 _amount ) public syncPool(_poolToken) { _handleSolelyDeposit(msg.sender, _nftId, _poolToken, _amount); - _emitFundsSolelyDeposited(msg.sender, _nftId, _poolToken, _amount); - _safeTransferFrom(_poolToken, msg.sender, address(this), _amount); + _safeTransferFrom(_poolToken, msg.sender, address(this), _amount); + _emitFundsSolelyDeposited(msg.sender, _nftId, _poolToken, _amount); }
Context
GalloDaSballo marked the issue as insufficient quality report
Would be QA R -> pls scrap as overinflated
Disqualified.
trust1995 marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseLending.sol#L600-L628
Vulnerability details
Description:
Event is currently being emitted before the transfer has occured. This leads to misinformation of critical parameters
Impact:
Misinformation of events for critical parameters
Tools Used
Manual Review
Proof Of Concept:
Recommended Mitigation Steps:
Function should emit event after safe transfer
Assessed type
Context