Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Missing pause control mechanism in veRAACToken contract

Summary

The veRAACToken contract implements a pause modifier but provides no way to actually pause the contract, creating a false sense of security and preventing legitimate emergency protocol freezing.

Vulnerability Details

The contract declares but does not implement critical pause controls:

    modifier whenNotPaused() {
        //@audit - there is no mechanism to set this bool paused variable.
        if (paused) revert ContractPaused();
        _;
    }

The veRAAC contract declares a paused variable and defines the above modifier, but it does not provide a function/mechanism to set the value of the bool paused.

Because of this, the whenNotPaused modifier can never trigger: paused is never assigned, so it keeps its default value of false, and there is no way to change that state. Protocol admins cannot freeze operations during security incidents.

Impact

The lack of pause functionality leaves the protocol vulnerable during emergencies, as there's no way to halt operations if a critical issue arises. This oversight undermines the intended safety mechanism and could lead to significant financial and reputational damage if exploited.

Tools Used

Manual review

Recommendations

Add pause control functions:

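    // _pause() and _unpause() are the internal helpers of OpenZeppelin's Pausable,
    // so this form assumes veRAACToken is changed to inherit Pausable.
    function pause() external onlyOwner {
        _pause();
    }

    function unpause() external onlyOwner {
        _unpause();
    }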
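
A variant of the fix that writes the contract's own `paused` flag directly, so the existing `whenNotPaused` modifier and `ContractPaused` error keep working unchanged. This is an added example, not veRAACToken's code: the owner handling, `setPaused`, `NotOwner`, `PauseStateUnchanged`, `PauseStateChanged`, `locked` and `lock` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the veRAACToken source. Only `paused`,
/// `ContractPaused` and `whenNotPaused` mirror names quoted in the finding;
/// everything else is hypothetical.
contract PauseFlagSketch {
    address public immutable owner; // assumption: one privileged admin
    bool public paused;             // defaults to false
    mapping(address => uint256) public locked;

    error ContractPaused();
    error NotOwner();
    error PauseStateUnchanged();

    event PauseStateChanged(address indexed by, bool isPaused);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier whenNotPaused() {
        if (paused) revert ContractPaused();
        _;
    }

    /// The missing piece: the only write path to `paused`.
    /// Reverting on a no-op keeps the event log an exact record of transitions.
    function setPaused(bool newState) external onlyOwner {
        if (paused == newState) revert PauseStateUnchanged();
        paused = newState;
        emit PauseStateChanged(msg.sender, newState);
    }

    /// Hypothetical state-changing entry point gated by the modifier.
    function lock(uint256 amount) external whenNotPaused {
        locked[msg.sender] += amount;
    }
}
```

A regression test for this finding should assert that `lock` reverts with `ContractPaused` after `setPaused(true)` and succeeds again after `setPaused(false)`.
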
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken lacks the ability to configure `paused` variable
