code-423n4 / 2024-06-panoptic-findings

1 stars 0 forks source link

Incorrect Event Emission in Redeem Function #47

Closed howlbot-integration[bot] closed 5 months ago

howlbot-integration[bot] commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/CollateralTracker.sol#L652

Vulnerability details

Impact

The redeem function is designed to convert a specified number of shares into the corresponding amount of underlying assets. The current implementation emits a Withdraw event, which is misleading and inconsistent with the function's purpose. This discrepancy can cause confusion for developers, users, and external systems that rely on event logs to track and audit contract actions. It could lead to incorrect assumptions about the nature of the transaction, complicating monitoring, debugging, and integration processes.

Proof of Concept

https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/CollateralTracker.sol#L652

Tools Used

Recommended Mitigation Steps

Implement Redeem event and replace the Withdraw event with a Redeem event to accurately reflect the function's action.

Assessed type

Other

c4-judge commented 5 months ago

Picodes marked the issue as unsatisfactory: Invalid