Missing Events
Detects critical state-changing operations that do not emit events, reducing transparency and making off-chain monitoring impossible.
Overview
The missing events detector identifies functions that modify critical contract state — ownership transfers, role grants, parameter updates, pause/unpause — without emitting an event. Events are the primary mechanism for off-chain monitoring, alerting, and indexing. Without them, governance tools, block explorers, and security monitoring systems cannot track important state changes.
Why This Is an Issue
Off-chain infrastructure depends on events to detect and respond to on-chain activity. If an ownership transfer occurs without an event, governance dashboards will not reflect the change, and security monitoring will not trigger alerts. Attackers can exploit this opacity to make unauthorized changes that go unnoticed until funds are already drained. The absence of events also makes post-incident forensics more difficult.
How to Resolve
// Before: Vulnerable — no event on ownership transfer
function transferOwnership(address newOwner) external onlyOwner {
    owner = newOwner;
}

// After: Fixed — event emitted
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

function transferOwnership(address newOwner) external onlyOwner {
    require(newOwner != address(0), "Zero address");
    address oldOwner = owner;
    owner = newOwner;
    emit OwnershipTransferred(oldOwner, newOwner);
}
Detection Methodology
- Critical function identification: Identifies functions that modify ownership, roles, protocol parameters, or pause state based on storage write patterns and function selectors.
- LOG opcode absence: Checks whether the function contains any LOG0-LOG4 opcodes (event emission).
- Severity weighting: Functions that modify access control receive higher severity than those modifying non-security parameters.
- Standard compliance: Compares against expected events from standards (ERC-20 Transfer/Approval, Ownable OwnershipTransferred).
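An added sketch of the LOG opcode absence check above (not the detector's own code): it walks a function's bytecode instruction by instruction, skipping PUSH immediates so that data bytes in the 0xa0-0xa4 range are not mistaken for LOG0-LOG4. The two byte strings are constructed samples, and treating a fragment as one function body with SSTORE as the state-write signal is a simplifying assumption.

```python
# Added example: simplified sketch, not the detector's implementation.
SSTORE = 0x55
PUSH1, PUSH32 = 0x60, 0x7F
LOG0, LOG4 = 0xA0, 0xA4


def iter_opcodes(code: bytes):
    """Yield (offset, opcode) for real instructions, skipping PUSH immediates."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        # PUSH1..PUSH32 carry 1..32 bytes of inline data that are not opcodes.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)


def log_offsets(code: bytes) -> list:
    """Offsets of genuine LOG0-LOG4 instructions."""
    return [pc for pc, op in iter_opcodes(code) if LOG0 <= op <= LOG4]


def writes_state_without_log(code: bytes) -> bool:
    """True when the fragment writes storage but never emits an event."""
    ops = [op for _, op in iter_opcodes(code)]
    return SSTORE in ops and not any(LOG0 <= op <= LOG4 for op in ops)


def naive_has_log(code: bytes) -> bool:
    """Byte-level scan that misreads PUSH data as opcodes (for contrast)."""
    return any(LOG0 <= b <= LOG4 for b in code)


# Constructed sample: PUSH20 <addr>, PUSH1 0, SSTORE, STOP. No event.
# The address deliberately contains bytes a0..a4 inside the PUSH data.
SILENT_SETTER = bytes.fromhex("73" + "a0a1a2a3a4" + "11" * 15 + "6000" + "55" + "00")

# Constructed sample: same write, then PUSH32 <topic>, PUSH1 0, PUSH1 0, LOG1.
# The topic is a placeholder value, not a real event signature hash.
LOGGING_SETTER = bytes.fromhex(
    "73" + "22" * 20 + "6000" + "55" + "7f" + "33" * 32 + "6000" + "6000" + "a1" + "00"
)

if __name__ == "__main__":
    for name, code in (("silent", SILENT_SETTER), ("logging", LOGGING_SETTER)):
        print(name, "flagged:", writes_state_without_log(code), "LOG at:", log_offsets(code))
```

The silent setter is flagged even though a plain byte search finds 0xa0-0xa4 inside its pushed address, which is why the walk has to be instruction-aware.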
Limitations
- False positives: Internal helper functions that are called by event-emitting wrapper functions may be flagged.
- False negatives: Functions that emit events but with incorrect or insufficient indexed parameters are not flagged by this detector.
Related Detectors
- Access Control — detects missing access control on critical functions
- Business Logic Error — detects broader logic issues