@yogurtandjam
Contributor

What's new in this PR?

In bullet point format, please describe what's new in this PR.

Why?

What problem does this solve?
Why is this important?
What's the context?

Copilot AI review requested due to automatic review settings January 13, 2026 16:43
@octane-security-app

Summary by Octane

New Contracts

No new contracts were added.

Updated Contracts

  • Spin.sol: Removed currentStreak parameter from the SpinCompleted event for simplicity.

🔗 Commit Hash: be314fd


Copilot AI left a comment

Pull request overview

This PR removes the currentStreak parameter from the SpinCompleted event to simplify the event signature. The change reduces event data emissions while the streak information remains accessible through the contract's state.

Changes:

  • Removed currentStreak parameter from the SpinCompleted event declaration
  • Updated event emission to exclude the streak value

event SpinCompleted(
address indexed walletAddress, string rewardCategory, uint256 rewardAmount, uint256 currentStreak
);
event SpinCompleted(address indexed walletAddress, string rewardCategory, uint256 rewardAmount);
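Review bot: The replacement one-line `SpinCompleted` declaration drops the fourth `uint256` argument, which changes the event's canonical signature from `SpinCompleted(address,string,uint256,uint256)` to `SpinCompleted(address,string,uint256)` and therefore its topic0 hash; a log filter or decoder built from the old ABI will not error, it will simply stop matching newly emitted events. Please document this on the event with a NatSpec comment that says where consumers should now read the streak, and call out the ABI change in the PR description, which is still the unfilled template, so indexers can subscribe to the new signature while keeping the old one for historical logs.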

Copilot AI Jan 13, 2026

Removing the currentStreak parameter from the SpinCompleted event is a breaking change that will affect any off-chain systems (indexers, analytics dashboards, frontend applications) currently listening to this event. While the currentStreak value is still computed and stored in userDataStorage.streakCount (line 253), it's no longer emitted in the event. Consider whether off-chain consumers need this data or if they can retrieve it through other means (e.g., by querying the userData mapping).

@yogurtandjam yogurtandjam merged commit 778764a into main Jan 13, 2026
8 checks passed
@yogurtandjam yogurtandjam deleted the jerms/remove-arg branch January 13, 2026 16:58
@octane-security-app

Overview

Vulnerabilities found: 1
Severity breakdown: 1 Low
Warnings found: 4

Detailed findings

plume/src/spin/Spin.sol

  • Reverting native-asset payout in Spin.handleRandomness causes per-user spins to remain pending (self-DoS).

Warnings

plume/src/spin/Spin.sol

  • Reward logic depends on callback-time block.timestamp in Spin.sol causes oracle to bias jackpot outcomes.
  • Unrestricted admin withdrawals and no payout reserve in Spin.handleRandomness cause user fee loss and denied payouts.
  • Mutable admin-controlled reward parameters at randomness callback in Spin.sol cause loss of user spin fees via retroactive outcome changes/cancellation.
  • Unprotected initializer (missing _disableInitializers()) in Spin.sol implementation causes off-chain tooling confusion.

🔗 Commit Hash: be314fd