Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Transfer logic in the `emergencyRevoke` function of the `RAACReleaseOrchestrator` contract is incorrect.

Summary

The `emergencyRevoke` function in the `RAACReleaseOrchestrator` contract is defined as follows (original code, shown as reported):

```solidity
function emergencyRevoke(address beneficiary) external onlyRole(EMERGENCY_ROLE) {
    VestingSchedule storage schedule = vestingSchedules[beneficiary];
    if (!schedule.initialized) revert NoVestingSchedule();
    uint256 unreleasedAmount = schedule.totalAmount - schedule.releasedAmount;
    delete vestingSchedules[beneficiary];
    if (unreleasedAmount > 0) {
        // msg.sender of this call is the orchestrator itself, so this is a self-transfer:
        // the orchestrator's balance does not change.
        raacToken.transfer(address(this), unreleasedAmount);
        // Emitted as if tokens had been withdrawn, although nothing moved.
        emit EmergencyWithdraw(beneficiary, unreleasedAmount);
    }
    emit VestingScheduleRevoked(beneficiary);
}
```

If `unreleasedAmount` is greater than 0, the following transfer is executed: `raacToken.transfer(address(this), unreleasedAmount);`.

This is a self-transfer. The orchestrator is the caller of `transfer`, so the tokens are moved from its own balance back to itself; for a standard ERC-20 the call succeeds and the contract's balance is unchanged. The schedule is deleted, so the unreleased tokens are no longer claimable by the beneficiary, but they also do not go anywhere, and `EmergencyWithdraw` is emitted as if `unreleasedAmount` had been withdrawn.

Depending on the intended behaviour of an emergency revoke, the transfer should either be removed (the tokens stay in the orchestrator, in which case they need to be tracked as unallocated so they can be reassigned or withdrawn) or kept but sent to another protocol-controlled address, such as a treasury.

Impact

The impact of this issue is low: no tokens leave the protocol and no attacker gains anything, but the revoked tokens remain in the orchestrator with no path to recover them (the judge's finding tag below classifies this as permanently locking funds), and the `EmergencyWithdraw` event misreports a withdrawal that never happened.

Tools Used

Manual review.

Recommendations

Decide where revoked tokens are supposed to end up and implement that explicitly. Either drop the transfer (and the misleading `EmergencyWithdraw` event) and account for the unreleased amount as unallocated balance that a privileged function can reuse or withdraw, or transfer it to a protocol-controlled address such as a configurable treasury. In the second case, use `SafeERC20` (or check the boolean return value) so a failed transfer cannot silently succeed, and reject a zero treasury address.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds