Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Improper Token Transfer to `Treasury` in the `FeeCollector`

Summary

The `emergencyWithdraw` function transfers tokens directly to the treasury instead of calling the treasury's `deposit` function. Since the treasury has no way to release tokens it did not record through `deposit`, these tokens cannot be retrieved, leading to a potential permanent loss of funds.
The same issue is present in `_processDistributions`.

Vulnerability Details

The `emergencyWithdraw` function allows the contract to withdraw tokens in emergency situations, but it transfers them directly to the treasury:

function emergencyWithdraw(address token) external override whenPaused {
    if (!hasRole(EMERGENCY_ROLE, msg.sender)) revert UnauthorizedCaller();
    if (token == address(0)) revert InvalidAddress();
    uint256 balance;
    if (token == address(raacToken)) {
        balance = raacToken.balanceOf(address(this));
        //@audit not using the deposit
        raacToken.safeTransfer(treasury, balance);
    } else {
        balance = IERC20(token).balanceOf(address(this));
        SafeERC20.safeTransfer(IERC20(token), treasury, balance);
    }
    emit EmergencyWithdrawal(token, balance);
}

The same issue is present in `_processDistributions`.
This means the transferred tokens are never recorded in the treasury's accounting. Since the treasury's `withdraw` function deducts from `_balances[token]`, which is only credited by `deposit`, those tokens cannot be withdrawn.

Impact

Lock of funds in the treasury contract: the function transfers tokens directly to the treasury without using the `deposit` function, so the tokens are not tracked in `_balances[token]` and are impossible to withdraw.

Tools Used

Manual review

Recommendations

Use `Treasury::deposit` instead of a direct transfer, so the treasury records the amount and it can later be withdrawn.
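As an added illustration (not the project's code), the following shows a minimal balance-tracking treasury model next to a fee collector that moves funds both the flawed way and the recommended way. The `TrackedTreasury` sketch is an assumption built only on the page's statement that `withdraw` deducts from `_balances[token]`; roles and pause checks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Minimal model of a balance-tracking treasury (assumption: the real
/// Treasury credits _balances in deposit() and debits it in withdraw()).
contract TrackedTreasury {
    using SafeERC20 for IERC20;
    mapping(address => uint256) private _balances;

    /// Pulls tokens from the caller and records them; only this path is accounted for.
    function deposit(address token, uint256 amount) external {
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        _balances[token] += amount;
    }

    /// Can only release what deposit() recorded; tokens pushed in with a
    /// plain transfer are absent from _balances and can never be withdrawn here.
    function withdraw(address token, uint256 amount, address to) external {
        require(_balances[token] >= amount, "insufficient tracked balance");
        _balances[token] -= amount;
        IERC20(token).safeTransfer(to, amount);
    }

    function trackedBalance(address token) external view returns (uint256) {
        return _balances[token];
    }
}

/// Fee collector showing the flawed sweep beside the corrected one.
contract FeeCollectorExample {
    using SafeERC20 for IERC20;
    TrackedTreasury public immutable treasury;

    constructor(TrackedTreasury _treasury) { treasury = _treasury; }

    /// Flawed: the token balance of the treasury rises, but
    /// treasury.trackedBalance(token) stays unchanged, so the funds are stuck.
    function sweepDirect(address token) external {
        uint256 balance = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransfer(address(treasury), balance);
    }

    /// Fixed: approve, then deposit, so the treasury records the amount.
    function sweepViaDeposit(address token) external {
        uint256 balance = IERC20(token).balanceOf(address(this));
        IERC20(token).forceApprove(address(treasury), balance);
        treasury.deposit(token, balance);
    }
}
```

After `sweepDirect`, `trackedBalance(token)` is lower than the treasury's actual ERC-20 balance and the difference is unrecoverable through `withdraw`; after `sweepViaDeposit` the two agree.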

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

FeeCollector::_processDistributions and emergencyWithdraw directly transfer funds to Treasury where they get permanently stuck
