Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

`veRAACToken` contract lacks pause functionality

Summary

Given the purpose for which `veRAACToken` was built and the presence of a `whenNotPaused()` modifier, this contract is meant to be pausable. In its current state, however, that functionality is missing.

Impact

If the contract needs to be paused for whatever reason (withdrawals, upgrades, a hack, etc.), it is impossible to do so.

It also makes the `whenNotPaused()` modifier currently useless.

Tools Used

  • Manual Review

Recommendations

Add a `pause` function that is callable only by the owner (`onlyOwner`):

```solidity
// Sets the flag checked by the whenNotPaused() modifier
function pause() external onlyOwner {
    paused = true;
}
```

Here is a test to prove this mitigation:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test, console2} from "forge-std/Test.sol";
import {veRAACToken} from "../contracts/core/tokens/veRAACToken.sol";
import {RAACMockERC20} from "../contracts/mocks/core/tokens/RAACMockERC20.sol";

contract TestVeRAACToken is Test {
    veRAACToken vrc;
    RAACMockERC20 mrt; // mock RAACERC20 token
    address owner = address(0x1);
    address user = address(0x2);

    function setUp() public {
        // Deploy both contracts as the owner
        vm.startPrank(owner);
        mrt = new RAACMockERC20(owner);
        vrc = new veRAACToken(address(mrt));
        mrt.mintTo(user, 10_000e18); // mint 10k mrt to user
        vm.stopPrank();
    }

    function testPause() public {
        assertFalse(vrc.paused());

        // Owner pauses the contract through the newly added function
        vm.prank(owner);
        vrc.pause();
        assertTrue(vrc.paused());

        // User tries to lock funds while the contract is paused
        vm.startPrank(user);
        mrt.approve(address(vrc), 10_000e18);
        vm.expectRevert();
        vrc.lock(1_000e18, 365 days);
        vm.stopPrank();
    }
}
```
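The recommended `pause()` only ever sets the flag to `true`, so a paused contract could not be resumed. The sketch below is an added example, not code from this submission or from the RAAC repository: a hypothetical `PausableLockSketch` contract (all names, events and errors are assumptions) showing the pause flag with a matching `unpause()` and events that monitoring can alert on.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: hypothetical contract, not the RAAC veRAACToken source.
contract PausableLockSketch {
    address public immutable owner;
    bool public paused;
    mapping(address => uint256) public locked; // stand-in for lock accounting

    event Paused(address indexed account);
    event Unpaused(address indexed account);

    error NotOwner();
    error ContractPaused();
    error AlreadyInState();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier whenNotPaused() {
        if (paused) revert ContractPaused();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Emergency stop; the event gives monitoring an on-chain signal.
    function pause() external onlyOwner {
        if (paused) revert AlreadyInState();
        paused = true;
        emit Paused(msg.sender);
    }

    // Without this, a pause() call would be irreversible.
    function unpause() external onlyOwner {
        if (!paused) revert AlreadyInState();
        paused = false;
        emit Unpaused(msg.sender);
    }

    // State-changing entry point guarded by the modifier (token transfer omitted).
    function lock(uint256 amount) external whenNotPaused {
        locked[msg.sender] += amount;
    }
}
```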
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken lacks the ability to configure `paused` variable
