In the PriorityPool.sol contract, there is no mechanism to retrieve stuck tokens, such as LST tokens, if no staking or withdrawal activity occurs for an extended period or if the contract goes into an emergency paused state. This could lead to permanent loss of tokens held within the contract.
The PriorityPool.sol contract lacks a function or mechanism that allows administrators or users to recover stuck tokens in certain edge cases, such as:
Inactivity: If there is no staking or withdrawal activity for a prolonged period, tokens could become stuck in the contract, with no mechanism to recover them.
Emergency Paused State: If the contract is placed into an emergency paused state, users may be unable to withdraw their tokens or perform any actions to recover them, especially if the contract remains paused indefinitely.
Without a dedicated mechanism, the tokens may remain locked in the contract, causing a loss for the users.
This vulnerability can result in a permanent loss of user tokens that are stuck in the contract due to inactivity or emergency situations. Users will be unable to recover these tokens, and the contract administrators have no built-in way to retrieve them.
Manual review
Implement a rescueTokens function to allow the contract administrator to recover stuck tokens. This function should only be accessible under controlled conditions (e.g., after a certain inactivity period or when the contract is paused). Additionally, consider adding time-based restrictions or multi-sig authorization to prevent misuse of the function.
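One way to shape such a guarded rescue path, written as an added illustration rather than code from the PriorityPool.sol contract or the project: rescue is gated on the pool being paused or idle for a fixed period, goes through a propose/execute delay so a multisig owner and users have time to react, and the gating condition is re-checked at execution. The contract name, the `lastActivity` bookkeeping, the IERC20 interface and the period lengths are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface needed here (constructed for this example).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract RescuablePool {
    address public immutable owner;            // expected to be a multisig
    bool public paused;
    uint256 public lastActivity;               // assumed to be refreshed by stake/withdraw paths
    uint256 public constant INACTIVITY_PERIOD = 180 days;  // assumed value
    uint256 public constant RESCUE_DELAY = 2 days;         // assumed value
    struct Rescue { address token; address to; uint256 amount; uint256 readyAt; }
    mapping(bytes32 => Rescue) public pendingRescues;
    event RescueProposed(bytes32 id, address token, address to, uint256 amount, uint256 readyAt);
    event TokensRescued(bytes32 id, address token, address to, uint256 amount);
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor() { owner = msg.sender; lastActivity = block.timestamp; }
    // Call this from every stake/withdraw entry point so idleness is measured correctly.
    function _touch() internal { lastActivity = block.timestamp; }
    function setPaused(bool p) external onlyOwner { paused = p; }

    // Rescue is only possible while paused or after INACTIVITY_PERIOD with no activity.
    function _rescueAllowed() internal view returns (bool) {
        return paused || block.timestamp >= lastActivity + INACTIVITY_PERIOD;
    }
    // Step 1: record the intent; nothing moves yet. The delay gives observers time to react.
    function proposeRescue(address token, address to, uint256 amount) external onlyOwner returns (bytes32 id) {
        require(_rescueAllowed(), "pool active");
        require(to != address(0), "bad recipient");
        id = keccak256(abi.encode(token, to, amount, block.timestamp));
        uint256 readyAt = block.timestamp + RESCUE_DELAY;
        pendingRescues[id] = Rescue(token, to, amount, readyAt);
        emit RescueProposed(id, token, to, amount, readyAt);
    }
    // Step 2: execute after the delay; the gating condition must still hold at this point.
    function executeRescue(bytes32 id) external onlyOwner {
        Rescue memory r = pendingRescues[id];
        require(r.readyAt != 0 && block.timestamp >= r.readyAt, "not ready");
        require(_rescueAllowed(), "pool active");
        delete pendingRescues[id];                     // effects before interaction
        require(IERC20(r.token).transfer(r.to, r.amount), "transfer failed");
        emit TokensRescued(id, r.token, r.to, r.amount);
    }
}
```

A production version should use a SafeERC20-style wrapper, since some tokens do not return a bool from transfer, and should exclude balances that are still accounted to users so the rescue path cannot be used to drain active deposits.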