Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Contracts Critical Function is called with a different role instead of the one specified.

akioniace

Summary

RAACMinter::emergencyShutdown should be called by the EMERGENCY_SHUTDOWN_ROLE instead it is called by the DEFAULT_ADMIN_ROLE.

Vulnerability Details

RAACMinter establishes the roles to do specific execution of functions or other operations dependent on the role. SLOC#50-52.

// File: contracts/core/minters/RAACMinter/RAACMinter.sol
bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
bytes32 public constant UPDATER_ROLE = keccak256("UPDATER_ROLE");
bytes32 public constant EMERGENCY_SHUTDOWN_ROLE = keccak256("EMERGENCY_SHUTDOWN_ROLE");

Examining the Code, it is critical function on the contract that is used for the emergencyShutdown or Instant Pause (Emergency shutdown function to pause the critical functions.) SLOC#357-364. If we look at the function RAACMinter::emergencyShutdown SLOC#357-364 it is called by the DEFAULT_ADMIN_ROLE instead of the EMERGENCY_SHUTDOWN_ROLE.

// File: contracts/core/minters/RAACMinter/RAACMinter.sol
function emergencyShutdown(bool updateLastBlock, uint256 newLastUpdateBlock) external onlyRole(DEFAULT_ADMIN_ROLE) { // <@ POC Here
emissionRate = 0;
_pause();
if (updateLastBlock) {
_setLastUpdateBlock(newLastUpdateBlock);
}
emit EmergencyShutdown(msg.sender, lastUpdateBlock);
}

Impact

Function Should be Called by the Role but the Role Used here is not Suitable for the execution of the function. If the contract Already Decide to provided role for the emergency operations then EMERGENCY_SHUTDOWN_ROLE should execute the operations instead of the DEFAULT_ADMIN_ROLE.

Tools Used

  • Manual Review

Recommended Mitigation

In RAACMinter::constructor add this.

_grantRole(DEFAULT_ADMIN_ROLE, initialOwner);
_grantRole(PAUSER_ROLE, initialOwner);
_grantRole(UPDATER_ROLE, initialOwner);
+ _grantRole(EMERGENCY_SHUTDOWN_ROLE, initialOwner);

and change role in the function.

- function emergencyShutdown(bool updateLastBlock, uint256 newLastUpdateBlock) external onlyRole(DEFAULT_ADMIN_ROLE) {
+ function emergencyShutdown(bool updateLastBlock, uint256 newLastUpdateBlock) external onlyRole(EMERGENCY_SHUTDOWN_ROLE) {
emissionRate = 0;
_pause();
if (updateLastBlock) {
_setLastUpdateBlock(newLastUpdateBlock);
}
emit EmergencyShutdown(msg.sender, lastUpdateBlock);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter defines EMERGENCY_SHUTDOWN_ROLE but emergencyShutdown uses DEFAULT_ADMIN_ROLE, and EMERGENCY_SHUTDOWN_ROLE is never granted to any account

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter defines EMERGENCY_SHUTDOWN_ROLE but emergencyShutdown uses DEFAULT_ADMIN_ROLE, and EMERGENCY_SHUTDOWN_ROLE is never granted to any account

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!