Incorrect Token Recovery in Emergency Revoke
Summary
emergencyRevoke attempts to transfer unreleased tokens to the contract itself via raacToken.transfer(address(this), ...), which is a no-op and leaves tokens stranded.
Impact
Revoked tokens remain in the contract indefinitely, unusable by anyone, effectively burning them.
Vulnerability Details
The transfer call mistakenly uses address(this) as the destination, failing to recover tokens.
-> creating scenarios demonstrating the impact
unreleasedAmount = 10,000tokens.After
emergencyRevoke, the 10,000 tokens stay in the contract with no withdrawal mechanism, permanently lost.
Recommendations
Transfer tokens to a designated recovery address (e.g., treasury):
Lead Judging Commences
RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds
RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.