Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Missing checkpoint update during `emergencyWithdraw()`

Summary

During the creation and withdrawal of a locked veToken, the contract makes a crucial call to `writeCheckpoint()` to update the state.

However, this call is missing in `emergencyWithdraw()`, which allows withdrawal of tokens before expiry. This may lead to unintended behaviour later on.

Vulnerability Details

The function `emergencyWithdraw()` allows users to withdraw their lock before expiry. The relevant lines of `emergencyWithdraw()`:

```solidity
delete _lockState.locks[msg.sender];
delete _votingState.points[msg.sender];
// no checkpoint update here
_burn(msg.sender, currentPower);
raacToken.safeTransfer(msg.sender, amount);
```

Notice the crucial state changes made in these lines of code. However, the function does not make any call to `writeCheckpoint()`, which is done during a normal `withdraw()`. This may lead to unintended state changes or behaviour later on.
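
A simplified JavaScript model of the stale-checkpoint effect described above, added here as an illustration and not taken from the RAAC contracts. `VeModel`, `getPastVotes` and `staleVotesAfterEmergencyExit` are hypothetical names; the model assumes voting power equals the locked amount and that a historical lookup returns the latest checkpoint at or before the queried block.

```javascript
// Simplified model (assumption): per-account checkpoints stored as (block, power)
// pairs and read back with a "latest checkpoint at or before block" lookup.
class VeModel {
  constructor(fixEmergency) {
    this.fixEmergency = fixEmergency; // true = write the zero checkpoint on emergency exit
    this.block = 0;
    this.locks = new Map();       // account -> locked amount
    this.checkpoints = new Map(); // account -> [{ block, power }]
  }
  mine(n = 1) { this.block += n; }
  writeCheckpoint(account, power) {
    const list = this.checkpoints.get(account) ?? [];
    const last = list[list.length - 1];
    if (last && last.block === this.block) last.power = power; // same block: overwrite
    else list.push({ block: this.block, power });
    this.checkpoints.set(account, list);
  }
  lock(account, amount) {
    this.locks.set(account, amount);
    this.writeCheckpoint(account, amount); // power == amount in this model
  }
  emergencyWithdraw(account) {
    const amount = this.locks.get(account) ?? 0;
    this.locks.delete(account); // lock state is cleared either way
    if (this.fixEmergency) this.writeCheckpoint(account, 0);
    return amount;
  }
  // Binary search for the last checkpoint whose block is <= target.
  getPastVotes(account, target) {
    const list = this.checkpoints.get(account) ?? [];
    let lo = 0, hi = list.length;
    while (lo < hi) {
      const mid = (lo + hi) >>> 1;
      if (list[mid].block <= target) lo = mid + 1; else hi = mid;
    }
    return lo === 0 ? 0 : list[lo - 1].power;
  }
}

// Constructed scenario: lock at block 10, emergency exit at block 15, query block 18.
function staleVotesAfterEmergencyExit(fixEmergency) {
  const ve = new VeModel(fixEmergency);
  ve.mine(10); ve.lock("alice", 1000);
  ve.mine(5); ve.emergencyWithdraw("alice");
  ve.mine(5);
  return ve.getPastVotes("alice", 18); // historical power after the exit
}

console.log(staleVotesAfterEmergencyExit(false), staleVotesAfterEmergencyExit(true));
```

Without the checkpoint write, the lookup for a block after the exit still reports the pre-exit power even though the lock no longer exists; with it, the same query reports zero.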

Tools Used

Manual

Recommendations

Consider adding this:

delete _lockState.locks[msg.sender];
delete _votingState.points[msg.sender];
+ _checkpointState.writeCheckpoint(msg.sender, 0); //add this
_burn(msg.sender, currentPower);
raacToken.safeTransfer(msg.sender, amount);
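
Review bot: the added `_checkpointState.writeCheckpoint(msg.sender, 0)` line hard-codes the new power as 0, which is only correct if `_burn(msg.sender, currentPower)` on the next line removes the caller's entire balance; if `currentPower` can differ from the balance held, write the post-burn balance instead of a literal. The trailing `//add this` is a note to the reader and should be dropped from the committed line. A regression test that performs an emergency withdrawal and then asserts the historical lookup for a later block returns zero would pin the intended behaviour.
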
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::emergencyWithdraw doesn't update checkpoint - inaccurate historical voting power, inconsistent state
