Ineffective Pause Mechanism in veRAACToken Contract
Summary
In the veRAACToken contract where the paused state variable and the whenNotPaused modifier do not function as intended. This issue prevents the contract from being effectively paused, potentially allowing users to perform actions even when the contract is supposed to be paused. This could lead to unintended behavior, especially during emergencies periods.
Vulnerability Details
The paused state variable is intended to control whether the contract is paused or not. The whenNotPaused modifier is used to restrict certain functions from being executed when the contract is paused. However, the paused variable is never updated within the contract, and there is no function provided to toggle the pause state. As a result, the whenNotPaused modifier will always allow function execution, rendering the pause mechanism ineffective.
The
pausedstate variable is declared but never modified within the contract.There is no function to pause or unpause the contract.
The
whenNotPausedmodifier checks thepausedvariable, but since it is never updated, the modifier does not restrict any actions.
Impact
The inability to pause the contract can have significant consequences, especially during emergencies.
Unintended Actions: Users can continue to lock, increase, or extend their positions even when the contract should be paused.
Emergency Response: In case of a security breach or critical bug, the inability to pause the contract could exacerbate the issue, leading to potential loss of funds or other unintended consequences.
Tools Used
Manual Review
Recommendations
Add functions to allow the contract owner to pause and unpause the contract, or use OpenZeppelin’s pause contract.
Lead Judging Commences
veRAACToken lacks the ability to configure `paused` variable
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.