Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Emergency withdraw sends funds to the old treasury during the TREASURY_UPDATE_DELAY

Summary

During emergency situations, emergency-withdrawn funds should go to the new treasury address instead of the old treasury.

Vulnerability Details

The `emergencyWithdraw` function allows the holder of EMERGENCY_ROLE to call it during emergency situations to withdraw funds to the `treasury`.

```solidity
function emergencyWithdraw(address token) external override whenPaused {
    if (!hasRole(EMERGENCY_ROLE, msg.sender)) revert UnauthorizedCaller();
    if (token == address(0)) revert InvalidAddress();
    uint256 balance;
    if (token == address(raacToken)) {
        balance = raacToken.balanceOf(address(this));
        raacToken.safeTransfer(treasury, balance);
    } else {
        balance = IERC20(token).balanceOf(address(this));
        SafeERC20.safeTransfer(IERC20(token), treasury, balance);
    }
    emit EmergencyWithdrawal(token, balance);
}
```

Consider an emergency situation. The admin calls `setTreasury` to update the treasury. During the TREASURY_UPDATE_DELAY period, `emergencyWithdraw` is invoked because of the emergency. The funds are then transferred to the old treasury instead of the new treasury.

Impact

In emergency situations, funds will go to the old treasury instead of the pending/new treasury.

Tools Used

Manual review

Recommendations

  1. Since the EMERGENCY_ROLE is trusted, allow the role to specify a parameter for where to send the funds.

  2. Or, when a pending treasury has been added, send the funds to the pending treasury.
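
A sketch combining both recommendations, added here as an illustration and not taken from the RAAC code base: the emergency role names the recipient, but only the current or the queued treasury is accepted. It assumes OpenZeppelin Contracts v5; `pendingTreasury`, `treasuryEffectiveTime`, `applyTreasury`, `InvalidRecipient`, `DelayNotElapsed` and the 7-day delay value are hypothetical names and values, since the page does not show how the pending treasury is stored.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

// Added sketch, not the RAAC contract. The pending-treasury storage, applyTreasury
// and the delay value are assumptions made for this example.
contract EmergencyWithdrawSketch is AccessControl, Pausable {
    using SafeERC20 for IERC20;
    bytes32 public constant EMERGENCY_ROLE = keccak256("EMERGENCY_ROLE");
    uint256 public constant TREASURY_UPDATE_DELAY = 7 days; // placeholder value
    address public treasury;
    address public pendingTreasury; // zero when no update is queued
    uint256 public treasuryEffectiveTime;
    error InvalidAddress();
    error InvalidRecipient();
    error DelayNotElapsed();
    event EmergencyWithdrawal(address indexed token, address indexed to, uint256 amount);

    constructor(address admin, address treasury_) {
        if (admin == address(0) || treasury_ == address(0)) revert InvalidAddress();
        treasury = treasury_;
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(EMERGENCY_ROLE, admin);
    }
    function pause() external onlyRole(EMERGENCY_ROLE) { _pause(); }
    function setTreasury(address next) external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (next == address(0)) revert InvalidAddress();
        pendingTreasury = next;
        treasuryEffectiveTime = block.timestamp + TREASURY_UPDATE_DELAY;
    }
    function applyTreasury() external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (pendingTreasury == address(0)) revert InvalidAddress();
        if (block.timestamp < treasuryEffectiveTime) revert DelayNotElapsed();
        treasury = pendingTreasury;
        pendingTreasury = address(0);
    }
    // Recipient is explicit but limited to the current or queued treasury, so the
    // emergency role cannot route funds to an arbitrary address. The zero check is
    // separate because pendingTreasury is zero when nothing is queued.
    function emergencyWithdraw(address token, address to) external whenPaused onlyRole(EMERGENCY_ROLE) {
        if (token == address(0)) revert InvalidAddress();
        if (to == address(0) || (to != treasury && to != pendingTreasury)) revert InvalidRecipient();
        uint256 balance = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransfer(to, balance);
        emit EmergencyWithdrawal(token, to, balance);
    }
}
```

Accepting the queued address before the delay has elapsed lets funds reach a treasury that the timelock has not yet confirmed, which is the trade-off against keeping a single fixed recipient.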

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
