This audit report focuses on the presence of unused events in the LidoVault smart contract. These events, while not directly harmful, lead to inefficiencies and potential confusion. By leaving these events in place without using them, the contract's bytecode size increases unnecessarily, and the contract logic becomes less clear for future developers and auditors. The unused events should be removed to streamline the contract and reduce the possibility of future complications.
Vulnerability Detail
Unused Events
The following events are declared but never used or emitted anywhere in the contract:
Intended to log transfers involving stETH tokens, but no such functionality is implemented.
TransferredWithdrawalERC721(uint256 requestId, address recipient)
Declared to log transfers of Lido withdrawal request ERC721 tokens, but no such event emission is present.
VaultSet(address vault, address indexed setter)
This event should ideally be emitted during the deposit() function after staking ETH on Lido via lido.submit. However, it is not emitted despite being declared.
Impact
Gas Costs: Unused events increase the bytecode size, leading to higher gas costs during contract deployment. While these events don't affect runtime gas usage, their presence still adds unnecessary weight to the contract.
Code Clarity: Having unused events in the code can mislead developers or auditors into believing certain actions are tracked or logged when they are not. This can lead to confusion and potentially mask important security considerations during audits.
Future Risks: If left in the contract, unused events may be mistakenly referenced or misused in future upgrades or extensions, leading to unforeseen issues.
Eliminate the TransferredStETH, TransferredWithdrawalERC721, VaultSet, if they are not intended to be used. This will reduce the contract’s deployment costs and improve its clarity.
Scrawny Iron Tiger
Low/Info
Unused Events in LidoVault Smart Contract
Summary
This audit report focuses on the presence of unused events in the LidoVault smart contract. These events, while not directly harmful, lead to inefficiencies and potential confusion. By leaving these events in place without using them, the contract's bytecode size increases unnecessarily, and the contract logic becomes less clear for future developers and auditors. The unused events should be removed to streamline the contract and reduce the possibility of future complications.
Vulnerability Detail
Unused Events The following events are declared but never used or emitted anywhere in the contract:
TransferredStETH(uint256 amount, address recipient)
Intended to log transfers involving stETH tokens, but no such functionality is implemented. TransferredWithdrawalERC721(uint256 requestId, address recipient)
Declared to log transfers of Lido withdrawal request ERC721 tokens, but no such event emission is present. VaultSet(address vault, address indexed setter)
This event should ideally be emitted during the deposit() function after staking ETH on Lido via lido.submit. However, it is not emitted despite being declared.
Impact
Gas Costs: Unused events increase the bytecode size, leading to higher gas costs during contract deployment. While these events don't affect runtime gas usage, their presence still adds unnecessary weight to the contract.
Code Clarity: Having unused events in the code can mislead developers or auditors into believing certain actions are tracked or logged when they are not. This can lead to confusion and potentially mask important security considerations during audits.
Future Risks: If left in the contract, unused events may be mistakenly referenced or misused in future upgrades or extensions, leading to unforeseen issues.
Code Snippet
https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L1020-L1023 https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L1036-L1044
Tool used
Manual Review
Recommendation
Eliminate the TransferredStETH, TransferredWithdrawalERC721, VaultSet, if they are not intended to be used. This will reduce the contract’s deployment costs and improve its clarity.