elasticdao/contracts

[Audit Fix] Inconsistent values for the Transfer event

Closed this issue · 0 comments

dmvt commented

Inconsistent values for the Transfer event

Summary

The function _burnShares emits the Transfer event passing _deltaLambda as the amount transferred, while the function _mintShares uses deltaT.

Risk Rating

1

Vulnerability Details

_burnShares emits the event that _deltaLambda was burned. _mintShares recalculates deltaT and uses that in the same event. So it is unclear if this event should emit the number of shares or the number of tokens minted/burned. Probably tokens, as the third place where this event is emitted (function _transfer) uses tokens.

Impact

No impact on security; it could just make it harder for a frontend application to handle the values coming from these events.

Proof of Concept

https://github.com/code-423n4/code-contests/blob/dcde6b1d78d84d0165d2defd6e959d59ff8aba68/contests/02-elasticdao/contracts/tokens/ElasticGovernanceToken.sol#L479

and

https://github.com/code-423n4/code-contests/blob/dcde6b1d78d84d0165d2defd6e959d59ff8aba68/contests/02-elasticdao/contracts/tokens/ElasticGovernanceToken.sol#L506

Tools Used

Just a simple code review using a text editor.

Recommended Mitigation Steps

Decide if you want to emit shares or number of tokens in the Transfer event and use it in all cases where this event is emitted.

Definition of Done

  • All transfer events use deltaT value
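
The check below is an added example, not code from the issue or from the ElasticDAO contracts. It replays Transfer events the way an indexer or frontend would and reports accounts whose replayed balance differs from the on-chain balance, which is how a burn reported in shares shows up when mints and transfers are reported in tokens. The account names, the fixed `TOKENS_PER_SHARE` ratio and the `ON_CHAIN` balances are constructed assumptions; the real contract derives deltaT from its own state.

```javascript
// Added example: constructed model, not ElasticGovernanceToken code.
const ZERO = "0x0000000000000000000000000000000000000000";
const TOKENS_PER_SHARE = 100n; // assumption: constructed fixed ratio

// Build the event log a token would emit. burnUnit selects what the
// burn path reports: "shares" (_deltaLambda) or "tokens" (deltaT).
function emitLog(burnUnit) {
  const log = [];
  const mint = (to, shares) =>
    log.push({ from: ZERO, to, value: shares * TOKENS_PER_SHARE });
  const burn = (from, shares) =>
    log.push({
      from,
      to: ZERO,
      value: burnUnit === "shares" ? shares : shares * TOKENS_PER_SHARE,
    });
  const transfer = (from, to, tokens) => log.push({ from, to, value: tokens });

  mint("alice", 10n);             // 1000 tokens
  transfer("alice", "bob", 300n); // alice 700, bob 300
  burn("alice", 2n);              // 200 tokens, alice 500
  return log;
}

// What an indexer does: replay Transfer events into balances.
function replay(log) {
  const bal = new Map();
  for (const { from, to, value } of log) {
    if (from !== ZERO) bal.set(from, (bal.get(from) ?? 0n) - value);
    if (to !== ZERO) bal.set(to, (bal.get(to) ?? 0n) + value);
  }
  return bal;
}

// Compare replayed balances with balanceOf results (constructed here).
function findDrift(log, onChain) {
  const replayed = replay(log);
  const drift = [];
  for (const [account, actual] of onChain) {
    const seen = replayed.get(account) ?? 0n;
    if (seen !== actual) drift.push({ account, seen, actual });
  }
  return drift;
}

const ON_CHAIN = new Map([["alice", 500n], ["bob", 300n]]);
console.log(findDrift(emitLog("shares"), ON_CHAIN));
```
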