Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Gauge admin can reactivate emergency shutdown gauges, undermining emergency controls

Summary

The GaugeController::toggleGaugeStatus() function allows gauge admins to reactivate gauges that the emergency admin has shut down, undermining the emergency control system.

Vulnerability Details

The GaugeController::emergencyShutdown() function allows emergency admins to deactivate gauges in critical situations by setting gauges[gauge].isActive = false. However, gauge admins can simply call GaugeController::toggleGaugeStatus() to reactivate these gauges, since this function just toggles the isActive boolean without checking whether the gauge was shut down in an emergency.

This creates a conflict between emergency and gauge admin privileges, where gauge admins can override emergency controls meant to protect the protocol in critical situations.
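
The conflict described above, as an added model that is not part of the submission or the project's code: the gauge is reduced to two flags, and a breadth-first search over short sequences of admin calls looks for a state where a gauge is active while an emergency shutdown is still in force. It generalizes the single call sequence in the report; the halted flag, the latched variant and liftShutdown are assumptions made for illustration.

```javascript
// Added model, not the project's code. State: { isActive, halted }.
// "halted" records that an emergency shutdown is in force (assumed flag).
const EMERGENCY = "emergencyAdmin", GAUGE = "gaugeAdmin";
const REVERT = null; // a reverted call changes nothing

function makeController(latched) {
  return {
    emergencyShutdown(s, caller) {
      if (caller !== EMERGENCY) return REVERT;
      return { isActive: false, halted: true };
    },
    toggleGaugeStatus(s, caller) {
      if (caller !== GAUGE) return REVERT;
      if (latched && s.halted) return REVERT; // the missing check
      return { ...s, isActive: !s.isActive };
    },
    // Hypothetical recovery path: only the emergency admin clears the latch.
    liftShutdown(s, caller) {
      if (!latched || caller !== EMERGENCY || !s.halted) return REVERT;
      return { ...s, halted: false };
    },
  };
}

// Breadth-first search over call sequences up to maxDepth; returns the
// shortest trace reaching "halted and active", or null if none exists.
function findViolation(controller, maxDepth = 4) {
  const calls = Object.keys(controller).flatMap((fn) =>
    [EMERGENCY, GAUGE].map((caller) => ({ fn, caller })));
  let frontier = [{ state: { isActive: true, halted: false }, trace: [] }];
  for (let depth = 0; depth < maxDepth; depth++) {
    const next = [];
    for (const { state, trace } of frontier) {
      for (const { fn, caller } of calls) {
        const out = controller[fn](state, caller);
        if (out === REVERT) continue;
        const step = [...trace, `${caller}.${fn}`];
        if (out.halted && out.isActive) return step;
        next.push({ state: out, trace: step });
      }
    }
    frontier = next;
  }
  return null;
}

console.log(findViolation(makeController(false))); // unlatched toggle
console.log(findViolation(makeController(true), 6)); // latched toggle
```

The same invariant (no gauge is active while its shutdown is in force) is what a regression test against the real contract would assert after any fix.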

Impact

  • This undermines emergency controls that are critical for protocol safety

  • Emergency admin actions can be reversed by gauge admins with lower privileges

  • Could lead to continued emissions/rewards to compromised or vulnerable gauges

  • No permanent damage but weakens protocol safety mechanisms

Tools Used

Manual review

Proof of Concept

Add the following test case to the test/unit/core/governance/gauges/GaugeController.test.js file:

it("gauge admin can reactivate emergency shutdown gauge", async function() {
  // Initial gauge status
  const initialGaugeStatus = await gaugeController.gauges(rwaGauge.target);
  expect(initialGaugeStatus.isActive).to.equal(true);

  // Emergency admin performs shutdown
  await gaugeController.connect(emergencyAdmin).emergencyShutdown(rwaGauge.target);
  const gaugeStatusAfterShutdown = await gaugeController.gauges(rwaGauge.target);
  expect(gaugeStatusAfterShutdown.isActive).to.equal(false);

  // Gauge admin can reactivate
  await gaugeController.connect(gaugeAdmin).toggleGaugeStatus(rwaGauge.target);
  const gaugeStatusAfterReactivation = await gaugeController.gauges(rwaGauge.target);
  expect(gaugeStatusAfterReactivation.isActive).to.equal(true);
});

Recommendations

Add a check in toggleGaugeStatus to prevent reactivation of emergency shutdown gauges:

// Track emergency shutdown status
+ mapping(address => bool) public emergencyShutdown;
function emergencyShutdown(address gauge) external {
if (!hasRole(EMERGENCY_ADMIN, msg.sender)) revert UnauthorizedCaller();
if (!isGauge(gauge)) revert GaugeNotFound();
gauges[gauge].isActive = false;
+ emergencyShutdown[gauge] = true;
emit EmergencyShutdown(gauge, msg.sender);
}
function toggleGaugeStatus(address gauge) external onlyGaugeAdmin {
if (!isGauge(gauge)) revert GaugeNotFound();
+ if (emergencyShutdown[gauge]) revert GaugeEmergencyShutdown();
gauges[gauge].isActive = !gauges[gauge].isActive;
emit GaugeStatusUpdated(gauge, gauges[gauge].isActive);
}
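
Review bot: The new mapping on the first added line, mapping(address => bool) public emergencyShutdown, has the same name as the existing emergencyShutdown(address gauge) function, which Solidity rejects as an already-declared identifier; rename the mapping (for example isEmergencyShutdown) and use that name in the assignment and in the toggleGaugeStatus check. The GaugeEmergencyShutdown error used in the revert is not declared in the visible lines and needs an error declaration. The flag is only ever set to true here, so once a gauge is shut down nothing in these lines can clear it; if recovery is intended, add a function restricted to EMERGENCY_ADMIN that resets the flag and emits an event.
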
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity