#35768 [SC-Insight] `Market.set_pyth_contract_id` should emit an event

Submitted on Oct 7th 2024 at 09:43:53 UTC by @jasonxiale for IOP | Swaylend

• Report ID: #35768

• Report Type: Smart Contract

• Report severity: Insight

• Target: https://github.com/Swaylend/swaylend-monorepo/blob/develop/contracts/market/src/main.sw

• Impacts:

  • Contract fails to deliver promised returns, but doesn't lose value

Description

Brief/Intro

While changing the system configuration, an event should be emitted. `Market.set_pyth_contract_id` is used to change `Pyth contract`. Because Pyth is an important factor in the system, so an event should be emitted.

Vulnerability Details

As shown in the following code, there is not event emitted ```Rust 941 // # 10. Pyth Oracle management 942 #[storage(write)] 943 fn set_pyth_contract_id(contract_id: ContractId) { 944 // Only owner can set the Pyth contract ID 945 only_owner(); 946 storage.pyth_contract_id.write(contract_id); <<<--- event should be emitted 947 } ```

Impact Details

Information about the Pyth is changed will be missing.

References

Add any relevant links to documentation or code

Proof of Concept

Proof of Concept

As shown in the following code, there is not event emitted ```Rust 941 // # 10. Pyth Oracle management 942 #[storage(write)] 943 fn set_pyth_contract_id(contract_id: ContractId) { 944 // Only owner can set the Pyth contract ID 945 only_owner(); 946 storage.pyth_contract_id.write(contract_id); <<<--- event should be emitted 947 } ```