Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

No mechanism for recipients to claim these allocations in `Treasury` Contract

0xaadi

Summary

The allocateFunds function allows allocators to assign funds to recipients, but there is no mechanism for recipients to claim these allocations.

Vulnerability Details

The contract maintains a mapping _allocations[allocator][recipient] to track assigned funds, but:

function allocateFunds(
address recipient,
uint256 amount
) external override onlyRole(ALLOCATOR_ROLE) {
if (recipient == address(0)) revert InvalidRecipient();
if (amount == 0) revert InvalidAmount();
@> _allocations[msg.sender][recipient] = amount;
emit FundsAllocated(recipient, amount);
}

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/collectors/Treasury.sol#L87C1-L96C6

  • There is no function enabling a recipient to claim their allocated funds.

  • Allocations are merely stored values with no impact on fund movement.

Impact

Since recipients cannot claim allocations, the entire feature lacks functionality.

Tools Used

Manual Review

Recommendations

Implement a claim function that allows recipients to withdraw allocated funds.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

What do people do with allocations

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!