Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-10-CANTO-FINDINGS-ISSUES-216
HistoryOct 06, 2023 - 12:00 a.m.

Event not emitted after sensitive action of setting new concentrated and ambient rewards.

2023-10-0600:00:00
Code4rena
github.com
4
sensitive action
rewards
event emission
governance tokens

7.2 High

AI Score

Confidence

Low

JSON

Lines of code

Vulnerability details

Impact

The ‘setConcRewards’ and ‘setAmbRewards’ doesn’t emit event to to signify to all parties involved the new concentrated and ambient results.

Proof of Concept

A user not aware of new reward price might suppose he/she have been swindled upon realizing that newly accrued reward is lower than rewards accrued in a previous week.
Malicious actors upon gaining control of governance by having excess governance tokens might set exorbitant or extremely low rewards without prompting pool contributors

Tools Used

Manual review

Recommended Mitigation Steps

Events should be emitted after new Concentrated and ambient rewards are set.

Assessed type

Governance

The text was updated successfully, but these errors were encountered:

All reactions

7.2 High

AI Score

Confidence

Low

JSON