Several contracts in the Yield Protocol system inherit the Delegable contract.
This contract allows users to delegate the ability to perform certain operations on their behalf to other addresses.
When a user adds or removes a delegate, a corresponding event is emitted to log this operation.
However, nothing prevents a user from adding a delegation that is already enabled or revoking one that is already revoked, so redundant events can be emitted repeatedly.
Short term, add a require statement to check that the delegate address is not already enabled or disabled for the user.
This will ensure log messages are only emitted when a delegate is activated or deactivated.
Long term, review all operations and avoid emitting events in repeated calls to idempotent operations. This will help prevent bloated logs.
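
The short-term fix sketched in Solidity, as an added example that is not the Yield Protocol's own code; the contract, mapping, event, function names and revert strings are assumptions for illustration. The unchecked pair reproduces the behaviour the finding describes, and the guarded pair emits an event only when the delegation state actually changes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative sketch only: every name here is assumed, not taken from the audited code.
contract DelegableSketch {
    event Delegate(address indexed user, address indexed delegate, bool enabled);

    // user => delegate => whether the delegation is currently enabled
    mapping(address => mapping(address => bool)) public delegated;

    // Behaviour described in the finding: state is written and an event is
    // emitted on every call, even when the delegation is already enabled.
    function addDelegateUnchecked(address delegate) external {
        delegated[msg.sender][delegate] = true;
        emit Delegate(msg.sender, delegate, true);
    }

    // Same issue on removal: revoking an already revoked delegate still logs.
    function revokeDelegateUnchecked(address delegate) external {
        delegated[msg.sender][delegate] = false;
        emit Delegate(msg.sender, delegate, false);
    }

    // Short-term fix: revert unless the call changes state, so each
    // Delegate(..., true) event marks a real activation.
    function addDelegate(address delegate) external {
        require(!delegated[msg.sender][delegate], "Delegable: already delegated");
        delegated[msg.sender][delegate] = true;
        emit Delegate(msg.sender, delegate, true);
    }

    // Mirror check for removal: each Delegate(..., false) event marks a real
    // deactivation.
    function revokeDelegate(address delegate) external {
        require(delegated[msg.sender][delegate], "Delegable: already undelegated");
        delegated[msg.sender][delegate] = false;
        emit Delegate(msg.sender, delegate, false);
    }
}
```

With the guard in place a redundant call reverts instead of succeeding silently, so callers that add or revoke a delegate as part of a larger transaction need to check `delegated` first.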
- ToB Audit Yield Finding 4
- Auditing & Logging
- Delegate Add/Remove -> Emit Event
- Check Delegate
- Enabled/Disabled