Lack of Pause Mechanism Implementation in veRAACToken.sol
Summary
The contract lacks any function to set the paused variable, rendering the pause functionality inoperative.
Vulnerability Details
In veRAACToken.sol, there is a modifier named whenNotPaused():
This modifier is supposed to protect certain functions from being called when the contract is paused. However, there is no implemented function to set or update the paused variable within the contract. As a result, the paused state cannot be toggled, rendering the pause functionality effectively useless.
Impact
Since the paused variable can never be changed, the functions protected by whenNotPaused() can always be called. This undermines the intended safety measure of pausing critical operations during emergencies or maintenance windows, reflecting a significant governance and security gap.
Tools Used
Manual code review of veRAACToken.sol
Recommendations
Provide functions (e.g., pause() and unpause()) to toggle the paused variable. Ensure these functions are correctly restricted (e.g., only the owner or a valid governance contract can call them).
Lead Judging Commences
veRAACToken lacks the ability to configure `paused` variable
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.