Submission Details
Severity:
Double Emergency Delay in veRAACToken Emergency Withdrawal System
Description
The veRAACToken contract implements an emergency withdrawal system with a security delay. However, the EMERGENCY_DELAY (3 days) is applied twice: once in the veRAACToken::withEmergencyDelay modifier and once in the veRAACToken::enableEmergencyWithdraw function, resulting in a total delay of 6 days before users can withdraw their funds.
modifier withEmergencyDelay(bytes32 actionId) {
uint256 scheduleTime = _emergencyTimelock[actionId];
if (scheduleTime == 0) revert EmergencyActionNotScheduled();
// First 3-day delay
@> if (block.timestamp < scheduleTime + EMERGENCY_DELAY) revert EmergencyDelayNotMet();
_;
delete _emergencyTimelock[actionId];
}
function enableEmergencyWithdraw() external onlyOwner withEmergencyDelay(EMERGENCY_WITHDRAW_ACTION) {
// Second 3-day delay
@> emergencyWithdrawDelay = block.timestamp + EMERGENCY_DELAY;
emit EmergencyWithdrawEnabled(emergencyWithdrawDelay);
}
Risk
Likelihood: Low
Only occurs during emergency situations which are rare events
Impact: Medium
Users cannot withdraw funds for 6 days instead of 3 days during emergencies
Recommended Mitigation
Remove delay from modifier:
modifier withEmergencyDelay(bytes32 actionId) {
uint256 scheduleTime = _emergencyTimelock[actionId];
if (scheduleTime == 0) revert EmergencyActionNotScheduled();
- if (block.timestamp < scheduleTime + EMERGENCY_DELAY) revert EmergencyDelayNotMet();
+ if (block.timestamp < scheduleTime) revert EmergencyDelayNotMet();
_;
delete _emergencyTimelock[actionId];
}
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
veRAACToken implements two consecutive 3-day emergency delays (totaling 6 days), hindering timely emergency response when funds need to be withdrawn quickly
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.