Open hats-bug-reporter[bot] opened 1 week ago
After careful consideration, we believe that this issue can be treated as an enhancement rather than a vulnerability. Here are the key points supporting our decision:

- `_mint` and `_burn` functions are internal and not directly called by users. They are part of the internal logic of the contract and are not intended for direct interaction.
- `_mint` and `_burn` operations. The standard focuses on the essential functionalities required for compatibility and interoperability.

In conclusion, while adding events could be beneficial for enhanced traceability, it is not necessary for the current design and functionality. This can be considered as an enhancement for future updates but is not required at this stage. Issue can be considered as invalid.

Github username: --
Twitter username: --
Submission hash (on-chain): 0x3a0fa3dca59927c1a3bb40e8a2c2c652e3816db86648bef3b7fcc23accc24552
Severity: low

Description:

Description
The `EthMultiVault` contract uses a struct to manage user share balances within a vault. It includes an internal `_mint` function to add shares to a user's balance and an internal `_burn` function to subtract shares from a user's balance. However, both functions are missing event emissions to log these actions, which can lead to a lack of transparency and traceability in the contract's operations.

Attack Scenario
Describe how the vulnerability can be exploited.

Proof of Concept (PoC)
When a user calls the `createAtom` and `depositAtom` functions, no event is emitted regarding the minting of additional shares. Also, when `redeemAtom` is called, no event is emitted regarding the burning of the shares.

Revised Code
Add event definitions and emit appropriate events in the `_mint` and `_burn` functions. This will enhance the transparency of the contract.
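
The change proposed under "Revised Code", sketched as an added example that is not code from the EthMultiVault contract or from the submitter. The contract name, struct layout, event names, error names and function signatures are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

/// Added illustration only: every name and signature here is hypothetical
/// and is not taken from the EthMultiVault source.
contract VaultSharesSketch {
    // Per-vault share accounting held in a struct, as the report describes.
    struct VaultState {
        uint256 totalShares;
        mapping(address => uint256) balanceOf;
    }

    mapping(uint256 => VaultState) internal vaults;

    // Hypothetical events. Indexed fields let off-chain monitoring filter
    // by user or vault; newBalance lets an indexer reconcile balances
    // without replaying every prior mint and burn.
    event SharesMinted(address indexed user, uint256 indexed vaultId, uint256 amount, uint256 newBalance);
    event SharesBurned(address indexed user, uint256 indexed vaultId, uint256 amount, uint256 newBalance);

    error ZeroAddress();
    error InsufficientShares(uint256 balance, uint256 requested);

    function _mint(address to, uint256 id, uint256 amount) internal {
        if (to == address(0)) revert ZeroAddress();
        VaultState storage v = vaults[id];
        v.totalShares += amount;
        uint256 newBalance = v.balanceOf[to] + amount;
        v.balanceOf[to] = newBalance;
        emit SharesMinted(to, id, amount, newBalance);
    }

    function _burn(address from, uint256 id, uint256 amount) internal {
        VaultState storage v = vaults[id];
        uint256 balance = v.balanceOf[from];
        // Explicit check so a failed burn reverts with a decodable reason.
        if (balance < amount) revert InsufficientShares(balance, amount);
        uint256 newBalance = balance - amount;
        v.balanceOf[from] = newBalance;
        v.totalShares -= amount;
        emit SharesBurned(from, id, amount, newBalance);
    }
}
```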