RAACReleaseOrchestrator::emergencyRevoke Transfers Funds to Contract Instead of Beneficiary, Leading to Permanent Lock
Summary
RAACReleaseOrchestrator::emergencyRevoke send RAACToken to wrong address.
Vulnerability Details
The function RAACReleaseOrchestrator::emergencyRevoke is intended to allow emergency revocation of tokens, transferring them to the intended beneficiary. However, due to an incorrect transfer target, the function mistakenly sends the tokens to the RAACReleaseOrchestrator contract itself instead of the designated beneficiary.
Since RAACReleaseOrchestrator does not have the functionality to transfer or withdraw RAACToken after the transfer, the tokens become permanently locked within the contract, making them inaccessible to the intended recipient.
Impact
-
The emergency revoke function fails to release the intended tokens.
-
Tokens are permanently locked within the contract, rendering them unrecoverable.
-
Affected users will experience an irreversible loss of their assets.
Tools Used
N/A
Recommendations
change parameter address(this) to beneficiary
Lead Judging Commences
RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds
RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.