RAACReleaseOrchastrator::emergencyRevoke is an emergency function to clear a vesting schedule for a beneficiary. While the function does clear the vesting schedule, in the process it transfers the "cleared" RAAC Tokens to the contract itself, locking them indefinitely.
RAACReleaseOrchastrator::emergencyRevoke:
As you can see in the highlighted code, the RAAC Token will be transferred to the contract itself, but the contract has no functionality to withdraw those tokens or to set up a new vesting schedule for them.
While an emergency revoke of the vesting schedule might be necessary for several reasons (lost private keys, compromised private keys, and many more), it is certainly undesirable to have potentially large amounts of the RAAC Token supply locked within this contract. This would dilute the market of RAAC, resulting in undervaluing of the tokens. Also, the vesting partner those tokens were meant for has no way of still redeeming them (in case the function was called due to private key compromise). An impact rating of Medium seems accurate since there is no actual harm to protocol functionality; the issue simply dilutes the circulating supply of the tokens.
Likelihood: Low
Impact: Medium
Severity: Medium
Manual Review
Depending on the potential emergencies this function is supposed to handle, there are several possible mitigations:
- Allow setting up a new vesting schedule for those tokens, e.g. if a vesting receiver lost access to their private keys.
- Transfer those funds into the treasury or make them available as additional liquidity on the market, so that they remain usable at all.
- Directly burn them.
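As an added illustration (not the audited RAAC code, which is not reproduced here), a hypothetical minimal vesting contract showing the self-transfer pattern described in this finding next to a variant that routes revoked tokens to a treasury, the second mitigation above. The contract name, the treasury address, the VestingSchedule fields and the onlyOwner access control are assumptions for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical sketch; not the RAACReleaseOrchastrator implementation.
contract VestingSketch {
    struct VestingSchedule {
        uint256 totalAmount;     // tokens allocated to the beneficiary
        uint256 releasedAmount;  // tokens already released to them
        bool initialized;
    }

    IERC20 public immutable raacToken;
    address public immutable treasury; // assumed destination for revoked tokens
    address public immutable owner;
    mapping(address => VestingSchedule) public vestingSchedules;

    event EmergencyRevoke(address indexed beneficiary, uint256 unreleased);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(IERC20 token, address treasury_) {
        raacToken = token;
        treasury = treasury_;
        owner = msg.sender;
    }

    // Clears the schedule and returns the amount that was still unreleased.
    function _clearSchedule(address beneficiary) internal returns (uint256 unreleased) {
        VestingSchedule storage s = vestingSchedules[beneficiary];
        require(s.initialized, "no schedule");
        unreleased = s.totalAmount - s.releasedAmount;
        delete vestingSchedules[beneficiary];
    }

    // Pattern from the finding: the unreleased tokens are "transferred" to this contract.
    // The contract already holds them, so the balance does not move, and no function can
    // withdraw or re-vest them afterwards: they are stranded for good.
    function emergencyRevokeLocking(address beneficiary) external onlyOwner {
        uint256 unreleased = _clearSchedule(beneficiary);
        require(raacToken.transfer(address(this), unreleased), "transfer failed");
        emit EmergencyRevoke(beneficiary, unreleased);
    }

    // Mitigated variant: send the unreleased tokens to the treasury so they stay usable.
    function emergencyRevoke(address beneficiary) external onlyOwner {
        uint256 unreleased = _clearSchedule(beneficiary);
        require(raacToken.transfer(treasury, unreleased), "transfer failed");
        emit EmergencyRevoke(beneficiary, unreleased);
    }
}
```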