zimu - Lack of events for critical arithmetic parameters

[sherlock-admin]

zimu

medium

Lack of events for critical arithmetic parameters

Summary

Function BondBaseSDA.setDefaults sets critical arithmetic parameters for bond market. But it has no event emitted, it is difficult to track these critical changes off-chain.

Vulnerability Detail

In bases/BondBaseSDA, critical parameters are set and changed in function BondBaseSDA.setDefaults for bond market.

However, no event is emitted, and it is difficult to track these critical changes off-chain. Both Users and Issuers would possibly be unware of these changes.

Impact

Both Users and Issuers would possibly be unware of critical changes on bond market.

Code Snippet

https://github.com/sherlock-audit/2022-11-bond/blob/main/src/bases/BondBaseSDA.sol#L348-L356

Tool used

Manual Review

Recommendation

Add an event in BondBaseSDA.setDefaults to report critical arithmetic changes.

[Evert0x]

Message from sponsor

---

Agree. We have updated setDefaults to emit an event with the newly set values.

[xiaoming9090]

Fixed in https://github.com/Bond-Protocol/bonds/commit/94e38f33b69b0184762c8be1c7bfd0716d97fed2

[Evert0x]

Downgrading to low severity.