Open hats-bug-reporter[bot] opened 4 months ago
The checks/effects/interactions pattern would suggest events, being effects, precede transfer, which is an interaction. Regardless of the ordering chosen, no event will be emitted in the case that the transfer fails, because then the transaction will be reverted.
Github username: @0xanjalit Twitter username: @pineapple_punkk Submission hash (on-chain): 0x7d7d9eb85973afe091caeaea0668353963880231ef6174ed3c637f470f6a20ae Severity: low
Description: Description\ The
withdrawTokensTo
function inBfxVault.sol
emits eventWithdrawTo(to, amount)
without checking if the transaction was even successful or notsame is the case with
Bfx.sol:withdraw
function which emitsWithdrawalReceipt(id, trader, amount)
which according to docs should only be emitted only if the withdrawal was successful, here:WithdrawalReceipt: Emitted after a successful trader withdrawal with signature verification
Impact\ emitting event like this can be misleading and create disputes among frontend and actual smart contract results
Mitigation\ consider moving the
emit
statement down after the require statement, such that event is only emitted after satisfying the require condition.BfxVault:withdrawTokensTo
functionBfx:withdraw
function