Closed sherlock-admin2 closed 9 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid accroding to sherlock rules VII. number 2 }
Invalid, informational finding that has no security risk to protocol. Additionally, the call to batchTelcoin()
will have necessary events via ERC20 transfer functions
cryptonoob
medium
Missing event for TelcoinDistributor.sol's executeTransaction
Summary
TelcoinDistributor.sol executeTransaction doesnt emit events to record the executed Transactions on-chain for off-chain monitors/tools/interfaces to register the updates and react if necessary.
Vulnerability Detail
TelcoinDistributor.sol doesnt emit an event when executing transactions in executeTransaction method making difficult to offchain products to keep track of executed transactions
Impact
The impact of this is that there is no way to off-chain monitors/tools/interfaces to register and keep track of the payments (token distribution).
Missing events do not promote transparency and affect perception of fairness or trustworthiness, they could stop using the protocol
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L143-L175
Tool used
Manual Review
Recommendation
Recommend to consider emitting events when these addresses/values are updated. This will be more transparent and it will make it easier to keep track of the status of the system.
Reference
https://code4rena.com/reports/2021-08-floatcapital#m-03-missing-eventstimelocks-for-owneradmin-only-functions-that-change-critical-parameters