In the RAACReleaseOrchestrator.sol contract the emergencyRevoke function sends unreleased tokens to address(this) instead of the admin, which can lead to tokens being stuck in the contract.
The vulnerability arises from the emergencyRevoke function, which is designed to revoke a beneficiary's vesting schedule and handle the unreleased tokens. However, instead of transferring the unreleased tokens to the admin or a designated address, the function transfers them to address(this), the contract itself. Since the contract does not have a mechanism to withdraw these tokens, they become stuck and inaccessible.
By transferring unreleased tokens to the contract itself, the protocol effectively locks these tokens, making them inaccessible. This can lead to a loss of tokens that were intended to be reallocated or managed by the admin. It undermines the flexibility and functionality of the vesting mechanism, as the protocol cannot recover or reassign these tokens once they are stuck in the contract.
Manual Review
To mitigate this vulnerability, update the emergencyRevoke function to transfer the unreleased tokens to the admin or a designated address instead of the contract itself.
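As an added illustration of the pattern described above, not code from the RAAC project: a simplified vesting contract (the struct, mapping and function names are assumptions, not the real RAACReleaseOrchestrator layout) showing the self-transfer that strands the tokens beside the corrected transfer to the admin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Minimal vesting orchestrator reconstructed to illustrate the finding.
/// VestingSchedule, schedules and the function names are assumptions.
contract VestingOrchestratorExample {
    using SafeERC20 for IERC20;

    struct VestingSchedule {
        uint256 totalAmount;
        uint256 releasedAmount;
        bool initialized;
    }

    IERC20 public immutable token;
    address public immutable admin;
    mapping(address => VestingSchedule) public schedules;

    constructor(IERC20 _token, address _admin) {
        token = _token;
        admin = _admin;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    /// VULNERABLE pattern from the finding: the unreleased amount is sent to
    /// address(this). The contract already holds those tokens, so the transfer
    /// is a self-transfer and the balance stays here with no withdraw path.
    function emergencyRevokeVulnerable(address beneficiary) external onlyAdmin {
        VestingSchedule storage s = schedules[beneficiary];
        require(s.initialized, "no schedule");
        uint256 unreleased = s.totalAmount - s.releasedAmount;
        delete schedules[beneficiary];
        if (unreleased > 0) {
            token.safeTransfer(address(this), unreleased); // tokens remain stuck
        }
    }

    /// FIXED: unreleased tokens go to the admin (or a designated treasury).
    function emergencyRevoke(address beneficiary) external onlyAdmin {
        VestingSchedule storage s = schedules[beneficiary];
        require(s.initialized, "no schedule");
        uint256 unreleased = s.totalAmount - s.releasedAmount;
        delete schedules[beneficiary];
        if (unreleased > 0) {
            token.safeTransfer(admin, unreleased);
        }
    }
}
```

A unit test that revokes a schedule and asserts the token balance of the contract drops by `unreleased` while the admin's rises by the same amount will pass for the fixed function and fail for the vulnerable one.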