aycozynfada - Centralisation issue as event not emmited after new pool managers are added or removed

[sherlock-admin2]

aycozynfada

medium

Centralisation issue as event not emmited after new pool managers are added or removed

when new pool managers are added, the contract does not elicit event to show the new pool managers

Vulnerability Detail

New managers after been made as pool managers would not know that are pool managers which will lead to disruption in pool sequences from allocation to distributon thereby causing denial of service also an Admin can make unapproved address or even invalid address to be pool managers without other pool members finding out https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/core/interfaces/IAllo.sol#L289-L308.

Impact

Medium

Code Snippet

` function addPoolManager( uint256 _poolId, address _manager ) external onlyPoolAdmin(_poolId) { // Reverts if the address is the zero address with 'ZERO_ADDRESS()' if (_manager == address(0)) revert ZERO_ADDRESS();

    // Grants the pool manager role to the '_manager' address
    _grantRole(pools[_poolId].managerRole, _manager);
}

`

Tool used

Manual Review

Recommendation

event should be elicited after adding or removing manager roles.

[sherlock-admin]

1 comment(s) were left on this issue during the judging contest.

n33k commented:

low