hats-finance / Kintsu-0x7d70f9442af3a9a0a734fa6a1b4857f25518e9d2

Smart contracts for Kintsu

Missing events for deposit and withdraw functions accessed by vault #4

Open hats-bug-reporter[bot] opened 3 months ago

hats-bug-reporter[bot] commented 3 months ago

Github username: @0xRizwan
Twitter username: 0xRizwann
Submission hash (on-chain): 0x7d06f4815976f8b225d5984d87e4abd24db400a032e5b65c21202b60d902c0f8
Severity: low

Description:

nomination_agent has functions which result in a staked token balance change, and these functions can only be accessed by the vault contract address. This includes the following functions:

1) deposit()
2) start_unbond()
3) withdraw_unbonded()
4) compound()

The change in balance information is necessary and should be transparent, and for that, events are emitted on the blockchain. However, none of the above functions emits events.

The following points explain the need for events in the nomination_agent contract.

1) Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them and consider if they would like to engage/exit based on how they perceive the changes as affecting the trustworthiness of the protocol or profitability of the implemented financial services.

2) The alternative of directly querying on-chain contract state for such changes is not considered practical for most users/usages.

3) Missing events do not promote transparency and if such changes immediately affect users’ perception of fairness or trustworthiness, they could exit the protocol causing a reduction in liquidity which could negatively impact protocol TVL and reputation.

If we look at other contracts like vault and share_token, the functionalities present in these contracts emit events.

For transparency and on-chain information about staked balance changes, events must be emitted in the above-mentioned functions in nomination_agent.

Recommendation to fix:

Emit events in the deposit(), start_unbond(), withdraw_unbonded(), compound() functions.

Note: The issue is applicable to all such instances where events are missing. For example: set_code()

bgibers commented 3 months ago

I don’t agree that all of these should emit events, as we’re emitting them in vault. But we probably should emit it for set_code.

0xmahdirostami commented 3 months ago

I'm not fully in agreement with emitting these functions on agent deposit(), start_unbond(), withdraw_unbonded(), and compound(), because events are emitted in the vault for these functions, and it is sufficient. But yes, setcode should be emitted in agent and vault. This could be valid as a low.

bmino commented 2 months ago

Addressed in kintsu-contracts@049633