Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

User can't claim allocated funds

Summary

Treasury has a function that allocates tokens to users, which those users should then be able to receive. However, no function exists for users to claim the allocated funds.

Vulnerability Details

The allocateFunds function allocates funds to users. There are two issues. First, there is no function for claiming the assigned allocation. Second, the function does not specify a token address: it only records a raw amount, so the currency of the allocation is unknown.

    function allocateFunds(
        address recipient,
        uint256 amount
    ) external override onlyRole(ALLOCATOR_ROLE) {
        if (recipient == address(0)) revert InvalidRecipient();
        if (amount == 0) revert InvalidAmount();
        // Only a raw amount is recorded, keyed by allocator and recipient;
        // no token address is stored alongside it.
        _allocations[msg.sender][recipient] = amount;
        emit FundsAllocated(recipient, amount);
    }

Impact

The allocation system lacks a mechanism to claim allocations and does not specify the address of the token assigned to a user's balance. These missing pieces prevent the contract from behaving as expected.

Tools Used

Manual Review, Hardhat

Recommendations

When calling allocateFunds, add a new parameter for the token address. Add a function that allows recipients to claim the tokens.
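One way to implement both recommendations, as an added sketch that is not the project's own code. The contract name AllocationSketch, the claim function, the FundsClaimed event, the totalAllocated accounting and the extra errors are hypothetical; allocations are keyed by token and recipient rather than by allocator, and import paths assume OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example: hypothetical contract, not the project's Treasury.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract AllocationSketch is AccessControl, ReentrancyGuard {
    using SafeERC20 for IERC20;
    bytes32 public constant ALLOCATOR_ROLE = keccak256("ALLOCATOR_ROLE");
    error InvalidToken();
    error InvalidRecipient();
    error InvalidAmount();
    error NothingToClaim();
    error ExceedsTreasuryBalance();
    event FundsAllocated(address indexed token, address indexed recipient, uint256 amount);
    event FundsClaimed(address indexed token, address indexed recipient, uint256 amount);

    // token => recipient => amount the recipient may claim
    mapping(address => mapping(address => uint256)) private _allocations;
    // token => sum of all unclaimed allocations in that token
    mapping(address => uint256) public totalAllocated;

    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(ALLOCATOR_ROLE, admin);
    }

    function allocateFunds(address token, address recipient, uint256 amount) external onlyRole(ALLOCATOR_ROLE) {
        if (token == address(0)) revert InvalidToken();
        if (recipient == address(0)) revert InvalidRecipient();
        if (amount == 0) revert InvalidAmount();
        // Replace the previous allocation and keep the per-token total backed by real balance.
        uint256 newTotal = totalAllocated[token] - _allocations[token][recipient] + amount;
        if (newTotal > IERC20(token).balanceOf(address(this))) revert ExceedsTreasuryBalance();
        totalAllocated[token] = newTotal;
        _allocations[token][recipient] = amount;
        emit FundsAllocated(token, recipient, amount);
    }

    function claim(address token) external nonReentrant {
        uint256 amount = _allocations[token][msg.sender];
        if (amount == 0) revert NothingToClaim();
        // Clear state before the external call so a re-entrant token cannot claim twice.
        _allocations[token][msg.sender] = 0;
        totalAllocated[token] -= amount;
        IERC20(token).safeTransfer(msg.sender, amount);
        emit FundsClaimed(token, msg.sender, amount);
    }
}
```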

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

What do people do with allocations
