Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

`GaugeController::distributeRevenue`, although access controlled, has the `whenNotPaused` modifier, which blocks the `EMERGENCY_ROLE` from distributing users' revenue

Summary

GaugeController implements two emergency functions:

  1. emergencyShutdown()

  2. setEmergencyPause

While `emergencyShutdown` only deactivates specific gauges from the distribution, `setEmergencyPause` blocks multiple `GaugeController` functions. One of these functions is the access-controlled `distributeRevenue`, created to distribute during emergency periods.

```solidity
function distributeRevenue(
    GaugeType gaugeType,
    uint256 amount
) external onlyRole(EMERGENCY_ADMIN) whenNotPaused { // <@ reverts while the emergency pause is active
    if (amount == 0) revert InvalidAmount();
    uint256 veRAACShare = amount * 80 / 100; // 80% to veRAAC holders
    uint256 performanceShare = amount * 20 / 100; // 20% performance fee
    revenueShares[gaugeType] += veRAACShare;
    _distributeToGauges(gaugeType, veRAACShare);
    emit RevenueDistributed(gaugeType, amount, veRAACShare, performanceShare);
}
```

Vulnerability Details

The `distributeRevenue` function is called by the same actor who declares the emergency action. It is therefore already access controlled, and there is no reason for it to be blocked by the emergency circuit breaker, since that halts the protocol's ability to distribute the revenue.

Impact

With the `whenNotPaused` modifier on the `distributeReward` function, the function's purpose is halted and none of the users will be able to receive their revenue.

Tools Used

Code Review

Recommendations

Remove the `whenNotPaused` modifier from the access-controlled function to allow revenue distribution during emergency actions and fulfill the function's purpose.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity