Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Incorrect event emitted in `Governance` constructor

0xcryptanu

Summary

The event emitted in the constructor could lead to chasing down the wrong leads via event emissions.

Vulnerability Details

The constructor of the Governance contract emits an incorrect event when validating the veToken and timelock addresses. The current implementation uses the InvalidTimelockAddress event for both the veToken and timelock address checks, which is misleading and could cause confusion during debugging or auditing.

In the constructor, the following code is used to validate the addresses:

if (_veTokenAddr == address(0)) revert InvalidTimelockAddress(_veTokenAddr, "Zero address");
if (_timelockAddr == address(0)) revert InvalidTimelockAddress(_timelockAddr, "Zero address");

Impact

Using the wrong event for the veToken address validation can lead to misunderstandings about which address is invalid, complicating troubleshooting and potentially leading to incorrect assumptions about the contract's behavior.

Tools Used

Recommendations

Define a separate event or revert reason for the veToken address validation to clearly distinguish between the two checks. For example, use InvalidVeTokenAddress for the veToken address validation:

-if (_veTokenAddr == address(0)) revert InvalidTimelockAddress(_veTokenAddr, "Zero address");
+if (_veTokenAddr == address(0)) revert InvalidVeTokenAddress(_veTokenAddr, "Zero address");
if (_timelockAddr == address(0)) revert InvalidTimelockAddress(_timelockAddr, "Zero address");
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!