Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Missing Pause/Unpause Functionality in veRAACToken contract

tinnohofficial

Summary

The veRAACToken contract has a paused state variable and a whenNotPaused modifier, but lacks the actual functionality to pause and unpause the contract, thus making the pause protection ineffective.

Vulnerability Details

The contract includes a state variable bool public paused; and uses the modifier whenNotPausedthat checks this variable.
Critical functions likelock(), increase(), and extend()\ use this modifier

However, there are no functions to:

  • Pause the contract (set paused = true)

  • Unpause the contract (set paused = false)

bool public paused; // State variable exists
modifier whenNotPaused() {
if (paused) revert ContractPaused();
_;
}
function lock(uint256 amount, uint256 duration) external nonReentrant whenNotPaused {
// @audit Function protected by whenNotPaused but no way to actually pause
}

Impact

  • The contract cannot be paused in case of emergencies

  • The paused state variable and modifier provide a false sense of security for the functions lock, increase and extend

Tools Used

  • Manual review

Recommendations

Add pause/unpause functionality with proper access control:

function pause() external onlyOwner {
paused = true;
emit Paused();
}
function unpause() external onlyOwner {
paused = false;
emit Unpaused();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken lacks the ability to configure `paused` variable

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!