🎁Informational Vulnerability 3: Missing Events

Book an audit with Zokyo

Introduction: In the world of smart contracts, critical actions or changes in parameters need to be communicated promptly to stakeholders. This ensures transparency, trustworthiness, and facilitates seamless integration with off-chain tools and interfaces. Events play a pivotal role in this communication. In this tutorial, we will discuss the significance of events, especially for functions that modify vital parameters, irrespective of access control.

---

Concept: Events provide a way for smart contracts to log specific actions on the blockchain, which can be monitored by off-chain applications. When critical parameters within a contract change, it's paramount for these alterations to be communicated transparently. The absence of event emissions for such functions can drastically reduce a protocol's transparency.

For instance, if a protocol alters its staking reward rate without emitting an event, users and dApps interfacing with the protocol might not be notified in real-time. This oversight can diminish user trust and deter participation.

---

Why are Events Crucial for Critical Parameter Changes?

• Real-time Notification: Off-chain entities get real-time updates about on-chain actions.

• User Decision-making: Empowers users to adjust their strategies or decisions based on live data.

• Trustworthiness: Enhances the protocol's overall reliability, potentially impacting participation, liquidity, and TVL.

---

Example:

Consider a function that updates the reward rate:

solidityCopy codefunction setRewardRate(uint256 _newRate) external {
    rewardRate = _newRate;
    // Missing event
}

The enhanced practice is:

solidityCopy codeevent RewardRateUpdated(uint256 oldRate, uint256 newRate);

function setRewardRate(uint256 _newRate) external {
    uint256 oldRate = rewardRate;
    rewardRate = _newRate;
    emit RewardRateUpdated(oldRate, _newRate);
}

---

Recommendation:

1. Thoroughly review your contracts to pinpoint functions that modify crucial parameters but lack corresponding event emissions.

2. Introduce events that relay comprehensive information about the change.

3. After integrating events, rigorously test your contract to validate that events are being emitted correctly.

4. Adopt a practice of consistently incorporating events for all significant changes in your future contracts.

---

Conclusion: Embedding events in smart contracts, particularly for essential parameter modifications, is indispensable for ensuring transparency and fostering trust. Addressing the omission of events ensures a more communicative and reliable decentralized platform, paving the way for heightened user engagement and protocol success.