Submission Details
Severity:
The executeEmergencyAction did not updated the operation.executed to true before execution
Summary
The executeEmergencyAction did not update the operation.executed before an emergency action.
Vulnerability Details
The executeEmergencyAction allows the EMERGENCY_ROLE to execute an emergency action.
function executeEmergencyAction(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata calldatas,
bytes32 predecessor,
bytes32 salt
) external payable onlyRole(EMERGENCY_ROLE) nonReentrant {
bytes32 id = hashOperationBatch(targets, values, calldatas, predecessor, salt);
if (!_emergencyActions[id]) revert EmergencyActionNotScheduled(id);
delete _emergencyActions[id];
for (uint256 i = 0; i < targets.length; i++) {
(bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]);
if (!success) {
if (returndata.length > 0) {
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
}
revert CallReverted(id, i);
}
}
emit EmergencyActionExecuted(id);
}
An issue with this implementation is that it failed it update the operation.executed to true before execution, just like it happened in the the normal execute function.
Impact
The operation state is not updated , this will lead to functions like isOpearationPending and isOperationDone returning incorrect state.
Tools Used
manual review
Recommendations
Update the operation.executed to true in the executeEmergencyAction
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
TimelockController.executeEmergencyAction doesn't mark operations as executed, allowing the same operation to be executed again through the regular path
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
TimelockController.executeEmergencyAction doesn't mark operations as executed, allowing the same operation to be executed again through the regular path
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.