Skip to content

Latest commit

 

History

History
60 lines (39 loc) · 1.41 KB

020.md

File metadata and controls

60 lines (39 loc) · 1.41 KB

Melted Shadow Otter

Medium

Lack of Event Emission

Summary

There are no events emitted for critical state changes (e.g., when fees are set, tokens are minted, or roles are granted). This reduces transparency and makes it harder to track changes. I prefer to emit events for all state-changing operations, including fee changes, mints, and role assignments.

Root Cause

https://github.com/sherlock-audit/2024-12-numa-audit/blob/main/Numa/contracts/Numa.sol#L24

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

.... event FeeUpdated(uint256 newFeeBips); event WlSpenderUpdated(address indexed spender, bool isWl); event TokenMinted(address indexed to, uint256 amount); ....

function SetFee(uint _newFeeBips) external onlyRole(DEFAULT_ADMIN_ROLE) { require(_newFeeBips <= 10000, "Fee percentage must be 100 or less"); NumaStorage storage ns = numaStorage(); ns.sellFeeBips = _newFeeBips; emit FeeUpdated(_newFeeBips); }

function SetWlSpender(address _address, bool _isWl) external onlyRole(DEFAULT_ADMIN_ROLE) { NumaStorage storage ns = numaStorage(); ns.wlSpenders[_address] = _isWl; emit WlSpenderUpdated(_address, _isWl); }

function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) { _mint(to, amount); emit TokenMinted(to, amount); }

Mitigation

No response