Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Tokens sent to the treasury can never be withdrawn

Summary

Funds cannot be recovered when sent directly to the treasury

Vulnerability Details

The emergencyWithdraw function allows the emergency admin to send funds to the treasury:

function emergencyWithdraw(address token) external override whenPaused {
    if (!hasRole(EMERGENCY_ROLE, msg.sender)) revert UnauthorizedCaller();
    if (token == address(0)) revert InvalidAddress();
    uint256 balance;
    if (token == address(raacToken)) {
        balance = raacToken.balanceOf(address(this));
        raacToken.safeTransfer(treasury, balance);
    } else {
        balance = IERC20(token).balanceOf(address(this));
@>      SafeERC20.safeTransfer(IERC20(token), treasury, balance);
    }
    emit EmergencyWithdrawal(token, balance);
}

The issue with this implementation is that it sends tokens directly to the treasury, which leaves no way to withdraw those funds. To withdraw funds from the treasury, the _balances[token] mapping and _totalValue must first be increased through the deposit function; otherwise, a call to the withdraw function reverts due to underflow of those variables.

The same issue occurs in _processDistributions.

Impact

Funds will be stuck in the treasury forever.

Tools Used

Manual review

Recommendations

Transfer tokens to the treasury via its deposit function.
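
The recommendation, sketched as an added example (not code from the RAAC repository or from the submitter): a minimal treasury model showing why withdraw reverts for tokens that were never credited, and a sender that routes funds through deposit. The deposit/withdraw signatures, the contract names, and the stranded view are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not the RAAC contracts: signatures are assumed, roles and SafeERC20 omitted.
interface IERC20 {
    function balanceOf(address a) external view returns (uint256);
    function transfer(address to, uint256 v) external returns (bool);
    function transferFrom(address from, address to, uint256 v) external returns (bool);
    function approve(address spender, uint256 v) external returns (bool);
}

// Treasury model: withdrawals are bounded by internal accounting, not by balanceOf.
contract TreasuryModel {
    mapping(address => uint256) private _balances;
    uint256 private _totalValue;

    function deposit(address token, uint256 amount) external {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        _balances[token] += amount;
        _totalValue += amount;
    }

    function withdraw(address token, uint256 amount, address to) external {
        // Tokens that arrived by a plain transfer were never credited above,
        // so this subtraction underflows and reverts (checked math in 0.8+).
        _balances[token] -= amount;
        _totalValue -= amount;
        require(IERC20(token).transfer(to, amount), "transfer failed");
    }

    // Monitoring helper (hypothetical): tokens held but not credited, i.e. unrecoverable.
    function stranded(address token) external view returns (uint256) {
        uint256 held = IERC20(token).balanceOf(address(this));
        return held > _balances[token] ? held - _balances[token] : 0;
    }
}

// Sender side: approve, then deposit, so the treasury credits what it receives.
contract CollectorModel {
    TreasuryModel public immutable treasury;
    constructor(TreasuryModel t) { treasury = t; }

    function sweepToTreasury(address token) external {
        uint256 balance = IERC20(token).balanceOf(address(this));
        if (balance == 0) return;
        require(IERC20(token).approve(address(treasury), balance), "approve failed");
        treasury.deposit(token, balance);
    }
}
```

A non-zero stranded(token) value in this model is the condition the finding describes: the treasury holds tokens that its own accounting will never release.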

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

FeeCollector::_processDistributions and emergencyWithdraw directly transfer funds to Treasury where they get permanently stuck
