Lines of code
https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/CollateralTracker.sol#L652
Vulnerability details
Impact
The redeem function is designed to convert a specified number of shares into the corresponding amount of underlying assets. The current implementation emits a Withdraw event, which is misleading and inconsistent with the function's purpose. This discrepancy can cause confusion for developers, users, and external systems that rely on event logs to track and audit contract actions. It could lead to incorrect assumptions about the nature of the transaction, complicating monitoring, debugging, and integration processes.
Proof of Concept
https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/CollateralTracker.sol#L652
Tools Used
Recommended Mitigation Steps
Implement a Redeem event and replace the Withdraw event with the Redeem event to accurately reflect the function's action.
Assessed type
Other
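For the monitoring concern raised under Impact, an added example (not part of the original report or of the Panoptic code base): an off-chain indexer can label each Withdraw event by the function selector of the call that produced it instead of by the event name. It assumes the contract uses the standard ERC-4626 signatures withdraw(uint256,address,address) and redeem(uint256,address,address) and that logs arrive already ABI-decoded; the function names, addresses, hashes and amounts are constructed for illustration.

```python
# Added example. All addresses, hashes and amounts below are constructed.

# Selectors of the standard ERC-4626 entry points. Assumption: the monitored
# contract exposes these exact signatures.
SELECTORS = {
    "b460af94": "withdraw",  # withdraw(uint256,address,address)
    "ba087652": "redeem",    # redeem(uint256,address,address)
}

def entry_point(calldata):
    """Name the function a transaction called, from its 4-byte selector."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    return SELECTORS.get(data[:8], "unknown") if len(data) >= 8 else "unknown"

def label_withdraw_events(txs, vault):
    """Return (tx_hash, action, assets, shares) per Withdraw event of `vault`.
    `action` comes from the call, not the event name. A call that reaches the
    vault through another contract is "unknown" and needs a trace to classify.
    """
    vault = vault.lower()
    rows = []
    for tx in txs:
        direct = tx["to"].lower() == vault
        action = entry_point(tx["input"]) if direct else "unknown"
        for log in tx["logs"]:
            if log["address"].lower() == vault and log["event"] == "Withdraw":
                args = log["args"]
                rows.append((tx["hash"], action, args["assets"], args["shares"]))
    return rows

VAULT, ROUTER = "0x" + "11" * 20, "0x" + "22" * 20  # constructed addresses

def _tx(tx_hash, to, selector, assets, shares):
    """Build one constructed transaction with its decoded Withdraw log."""
    log = {"address": VAULT, "event": "Withdraw",
           "args": {"assets": assets, "shares": shares}}
    return {"hash": tx_hash, "to": to, "input": "0x" + selector + "00" * 96,
            "logs": [log]}

SAMPLE_TXS = [
    _tx("0xa1", VAULT, "ba087652", 510, 500),   # direct redeem()
    _tx("0xa2", VAULT, "b460af94", 300, 294),   # direct withdraw()
    _tx("0xa3", ROUTER, "deadbeef", 100, 98),   # via another contract
]

if __name__ == "__main__":
    print(*label_withdraw_events(SAMPLE_TXS, VAULT), sep="\n")
```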