Contract `veRAACToken` is not pausable, because `pause` can never be changed to true
Summary
The contract declares a public boolean variable paused and implements the modifier whenNotPaused to prevent function execution when the contract is paused. However, there is no function in the contract that ever sets paused to true. As a result, the contract can never be paused because paused remains false by default, rendering the whenNotPaused modifier ineffective.
Vulnerability Details
-
Variable Declaration:
bool public paused;Since no initializer or setter function is provided,
pauseddefaults tofalse. -
Modifier Implementation:
modifier whenNotPaused() {if (paused) revert ContractPaused();_;}This modifier is intended to block function calls when the contract is paused. However, because
pausedis never updated, this check will always pass.
Impact
The intended functionality of pausing the contract (for emergency or maintenance purposes) is not operational. This could lead to issues in scenarios where the contract owner needs to halt operations (e.g., to mitigate an exploit).
Tools Used
Manual review
Recommendations
Implement Pause/Unpause Functions:
Add functions that allow the contract owner (or an authorized party) to set thepausedvariable. For example:function pause() external onlyOwner {paused = true;emit Paused(msg.sender);}function unpause() external onlyOwner {paused = false;emit Unpaused(msg.sender);}
Lead Judging Commences
veRAACToken lacks the ability to configure `paused` variable
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.