Petite Spruce Mammoth - Event emission before state change in `setSymmioAddress` function can lead to inconsistencies between the emitted event and the actual state of the contract in `SymmioPartyA.sol` #76
Event emission before state change in setSymmioAddress function can lead to inconsistencies between the emitted event and the actual state of the contract in SymmioPartyA.sol
Summary
The setSymmioAddress function in the SymmioPartyA contract emits the SetSymmioAddress event before updating the state variable symmioAddress. This practice can lead to inconsistencies between the emitted event and the actual state of the contract.
An attacker or user calls the setSymmioAddress function.
The event SetSymmioAddress is emitted with the old and new addresses.
If the transaction fails after the event emission but before the state update, the event log will contain incorrect information, leading to potential confusion or misuse of the event data.
Impact
The event logs may not accurately reflect the state of the contract, leading to potential confusion for users and developers relying on these logs.
Tools and services that monitor events may act on incorrect data, potentially causing operational issues.
PoC
No response
Mitigation
To mitigate this issue, ensure that the state variable is updated before emitting the event. This guarantees that the event accurately reflects the current state of the contract.
Petite Spruce Mammoth
Low/Info
Event emission before state change in
setSymmioAddress
function can lead to inconsistencies between the emitted event and the actual state of the contract inSymmioPartyA.sol
Summary
The
setSymmioAddress
function in theSymmioPartyA
contract emits theSetSymmioAddress
event before updating the state variablesymmioAddress
. This practice can lead to inconsistencies between the emitted event and the actual state of the contract.Root Cause
The root cause of this issue is the order of operations in the
setSymmioAddress
function, where the event is emitted before the state variable is updated. https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/multiAccount/SymmioPartyA.sol#L36-L39Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
setSymmioAddress
function.SetSymmioAddress
is emitted with the old and new addresses.Impact
PoC
No response
Mitigation
To mitigate this issue, ensure that the state variable is updated before emitting the event. This guarantees that the event accurately reflects the current state of the contract.