search

sherlock-audit / 2024-08-saffron-finance-judging

9 stars 5 forks source link

Real Tangelo Lion - `block.timestamp` not faithfully representing in the emitted `VaultStarted` event in the `deposit` function. #172

Closed sherlock-admin4 closed 2 months ago

sherlock-admin4 commented 2 months ago

Real Tangelo Lion

Low/Info

block.timestamp not faithfully representing in the emitted VaultStarted event in the deposit function.

Summary

events should faithfully represent the parameter it holds in order to maintain consistency and for the code to be more readable. This faithful change will facilitate a more accurate tracking and notify off-chain clients following the contract's activity should there be discrepancies with instances such as withdrawing early and incurring more/less than expected.

Root Cause

The root cause to this issue is that the following line uses block.timestamp instead of startTime to indicate that the vault has started. this may cause issues down the line, especially if there's delays in the logging of the event. https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L389

Internal pre-conditions

Impact

Not facilitating this change may hinder accurate tracking and notify off-chain clients following when the deposit actually happen should there be discrepancies with instances such as withdrawing early and there's a difference in incurring more/less fee penalties as expected.

Mitigation

Replace block.timestamp with startTime

+ emit VaultStarted(startTime, msg.sender);
- emit VaultStarted(block.timestamp, msg.sender);