Submission Details
Severity:
`veRAACToken` Contract Uses Pausable Modifiers Without Inheriting Pausable Contract
Summary
The veRAACToken contract uses the whenNotPaused modifier in several functions but fails to inherit from OpenZeppelin's Pausable contract, making these modifiers non-functional and the intended pause functionality impossible.
Vulnerability Details
In veRAACToken.sol:
contract veRAACToken is ERC20, Ownable, ReentrancyGuard, IveRAACToken { // Missing Pausable
// ... other code ...
function lock(uint256 amount, uint256 duration) external nonReentrant whenNotPaused { // whenNotPaused will not work
// ... function implementation
}
function increase(uint256 amount) external nonReentrant whenNotPaused { // whenNotPaused will not work
// ... function implementation
}
function extend(uint256 duration) external nonReentrant whenNotPaused { // whenNotPaused will not work
// ... function implementation
}
}
The contract uses whenNotPaused modifier in critical functions but doesn't inherit from Pausable, making it impossible to pause the contract.
Impact
Contract cannot be paused in case of emergency.
Tools Used
Manual review
Recommendations
Inherit from OpenZeppelin's Pausable contract and add pause/unpause functionality
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
veRAACToken lacks the ability to configure `paused` variable
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.