Submission Details
Severity:
Redundant Self-Transfer in `emergencyRevoke` Function
Summary
The emergencyRevoke function in RaacReleaseOchestrator.sol performs an unnecessary self-transfer of unreleasedAmount tokens to the contract’s own address. Since the tokens are already held by the contract, this operation is redundant and serves no purpose, potentially confusing future maintainers.
Vulnerability Details
Code Snippet
if (unreleasedAmount > 0) {
raacToken.transfer(address(this), unreleasedAmount); // @audit-info Redundant self-transfer
emit EmergencyWithdraw(beneficiary, unreleasedAmount);
}
Impact
redundancy of transfer.
Recommendations
Remove the redundant transfer call:
if (unreleasedAmount > 0) {
emit EmergencyWithdraw(beneficiary, unreleasedAmount); // No need for transfer
}
This simplifies the function.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.