Lack of event emission after sensitive actions with POC
Report ID
#12523
Target
Report type
Smart Contract
Impacts
Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Has PoC?
Yes
Bug Description
A clear and concise description of the bug.
in CurveFacet 0xd231498144c5b53b65b782343cdfb366472c7bf7 there is Lack of event emission after sensitive actions
there are functions addLiquidity exchange exchangeUnderlying removeLiquidity removeLiquidityImbalance removeLiquidityOneToken
and there is no event and emitting events for all this functions
Impact
Consider emitting events after sensitive changes take place, to facilitate tracking and notify off-chain clients following the contracts’ activity
Risk Breakdown
Difficulty to Exploit: Easy Weakness: CVSS2 Score:
Proof of concept
There is Lack of event emission after sensitive actions in CurveFacet
BIC Response
This is not a security bug report because:
- Relevant events are emitted by Curve; and
- Emitting an event during any of those methods would be duplicative of the underlying protocol, wasting gas and causing confusion with regards to what event should be trusted.
Due to these reasons, we are closing the submission and no reward will be issued.