`TimelockController::executeEmergencyAction` doesn't check for `EMERGENCY_DELAY` period before executing an emergency action
Summary
The TimelockerController.sol::scheduleEmergencyAction and TimelockerController.sol::executeEmergencyAction are functions to accelerate the proposal process and jump the usual delay to be executed in a short period of time. However, it still needs to wait for a minimum delay, and that is what the TimelockerController implements a constant variable to have a delay over emergency actions.
Vulnerability Details
The problem is thatEMERGENCY_DELAYis never used and any operation can be instantly executed once scheduled.
Impact
Emergency actions can be executed immediately not giving time for users to acknowledge the situation and decide what to do.
Tools Used
Code Review
Recommendations
Check if block.timestampis bigger than _operations[id].timestamp + EMERGENCY__DELAYand then execute the action.
Lead Judging Commences
TimelockController emergency actions bypass timelock by not enforcing EMERGENCY_DELAY, allowing immediate execution
TimelockController emergency actions bypass timelock by not enforcing EMERGENCY_DELAY, allowing immediate execution
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.