Description:Description\
Sensitive onlyOwner functions in smart contracts often alter critical state variables. Without events emitted in these functions, external observers or dApps cannot easily track or react to these state changes. Missing events can obscure contract activity, hampering transparency and making integration more challenging. To resolve this, incorporate appropriate event emissions within these functions. Events offer an efficient way to log crucial changes, aiding in real-time tracking and post-transaction verification.
Particularly for the Thorn protocol, events are not emitted in StableSwapRouter.sol
function kill() external onlyOwner {
isKill = true; <@ event not emitted
}
function unKill() external onlyOwner {
isKill = false; <@ event not emitted
}
Apart from the lack of transparency for the off-chain tools, there is a lack of consisency with the other Thorn contracts. The other contracts emit events in such scenarios. For example: StableSwapTwoPool.sol
function kill_me() external onlyOwner {
require(kill_deadline > block.timestamp, "Exceeded deadline");
is_killed = true;
emit Kill();
}
/**
* @notice Unpause a pool that was previously paused, re-enabling exchanges.
*/
function unkill_me() external onlyOwner {
is_killed = false;
emit Unkill();
}
Attack Scenario
Attachments
Proof of Concept (PoC) File
StableSwapRouter::kill() and StableSwapRouter::unKill()
Revised Code File (Optional)
Emit events in StableSwapRouter, similar to StableSwapTwoPool
Github username: -- Twitter username: -- Submission hash (on-chain): 0xef009bd8fdcf6d6be29e78d75ba6432831992897b61af724fda562f4f3d66527 Severity: low
Description: Description\ Sensitive
onlyOwner
functions in smart contracts often alter critical state variables. Without events emitted in these functions, external observers or dApps cannot easily track or react to these state changes. Missing events can obscure contract activity, hampering transparency and making integration more challenging. To resolve this, incorporate appropriate event emissions within these functions. Events offer an efficient way to log crucial changes, aiding in real-time tracking and post-transaction verification.Particularly for the Thorn protocol, events are not emitted in
StableSwapRouter.sol
Apart from the lack of transparency for the off-chain tools, there is a lack of consisency with the other Thorn contracts. The other contracts emit events in such scenarios. For example:
StableSwapTwoPool.sol
Attack Scenario
Attachments
StableSwapRouter::kill()
andStableSwapRouter::unKill()
Emit events in
StableSwapRouter
, similar toStableSwapTwoPool