Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Users can Freeze Deposits to Treasury.sol

boraicho

Summary

A malicious user can transfer a custom token to the Treasury.sol contract located at 2025-02-raac/contracts/core/collectors/Treasury.sol. By exploiting this, they can trigger an overflow, preventing any further deposits into the contract.

Vulnerability Details

In the deposit function's implementation, a user can submit a malicious token designed to inflate _totalValue to uint256.max. Since Solidity version 0.8 and above includes built-in overflow checks, this would cause the transaction to revert, effectively locking the contract and preventing further deposits.

Implementation of deposit function in Treasury.sol below:

function deposit(address token, uint256 amount) external override nonReentrant {
if (token == address(0)) revert InvalidAddress();
if (amount == 0) revert InvalidAmount();
IERC20(token).transferFrom(msg.sender, address(this), amount);
_balances[token] += amount;
_totalValue += amount;
emit Deposited(token, amount);
}

This vulnerability arises because _totalValue does not have adequate validation against potential overflow scenarios when dealing with malicious tokens.

Impact

Medium

Tools Used

  • Manual Review

Recommendations

Assign total supply to each specific token.

mapping (address => uint256) _totalValue;
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Treasury::deposit increments _totalValue regardless of the token, be it malicious, different decimals, FoT etc.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.