Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Voting Power Retained After Emergency Withdrawal

Summary

The emergencyWithdraw function in the veRAACToken contract allows users to withdraw their deposited tokens but does not reset their voting power checkpoint to zero. As a result, users can continue to exert voting power even after they have no funds deposited in the contract.

Impact

A user can retain governance power despite withdrawing all their locked tokens, leading to a governance manipulation risk.

Root Cause

The emergencyWithdraw function fails to update the checkpoint data to reflect a zero voting power after withdrawal. This occurs because it does not invoke Checkpoints.writeCheckpoint() to set the user’s voting power to zero.

Proposed Fix

Modify the emergencyWithdraw function to ensure the user’s voting power is set to zero by updating their checkpoint:

    function emergencyWithdraw() external {
        uint256 amount = userDeposits[msg.sender];
        require(amount > 0, "No funds to withdraw");
        // Reset user deposit
        userDeposits[msg.sender] = 0;
        // Ensure voting power is set to zero
        Checkpoints.writeCheckpoint(userCheckpoints[msg.sender], sub, amount);
        // Transfer tokens back to the user
        token.safeTransfer(msg.sender, amount);
        emit EmergencyWithdraw(msg.sender, amount);
    }
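
A minimal model of the stale-checkpoint condition and its fix, added here as an illustration; it is not the RAAC contract code or the submitter's code. The contract and function names are hypothetical, voting power is assumed equal to the deposited amount, and token transfers are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical minimal model, not the veRAACToken source.
contract CheckpointedLockModel {
    struct Checkpoint { uint32 fromBlock; uint224 power; }

    mapping(address => uint256) public deposits;
    mapping(address => Checkpoint[]) private _history;

    // Append the account's voting power, or overwrite within the same block.
    function _write(address user, uint256 power) internal {
        Checkpoint[] storage h = _history[user];
        uint32 blk = uint32(block.number);
        if (h.length > 0 && h[h.length - 1].fromBlock == blk) {
            h[h.length - 1].power = uint224(power);
        } else {
            h.push(Checkpoint(blk, uint224(power)));
        }
    }

    // Voting power as a governance module would read it: the latest checkpoint.
    function currentVotes(address user) public view returns (uint256) {
        Checkpoint[] storage h = _history[user];
        if (h.length == 0) return 0;
        return h[h.length - 1].power;
    }

    // Assumption: power equals the locked amount (no time weighting).
    function lock(uint256 amount) external {
        deposits[msg.sender] += amount;
        _write(msg.sender, deposits[msg.sender]);
    }

    // Behaviour described in the finding: deposit cleared, checkpoint untouched.
    function emergencyWithdrawStale() external {
        deposits[msg.sender] = 0;
    }

    // Behaviour after the fix: a zero checkpoint is written with the withdrawal.
    function emergencyWithdrawFixed() external {
        deposits[msg.sender] = 0;
        _write(msg.sender, 0);
    }

    // Invariant for regression tests: no deposit means no current voting power.
    function invariantHolds(address user) external view returns (bool) {
        return deposits[user] != 0 || currentVotes(user) == 0;
    }
}
```

After `lock` followed by `emergencyWithdrawStale`, `invariantHolds` returns false for the caller; with `emergencyWithdrawFixed` it returns true.
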
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::emergencyWithdraw doesn't update checkpoint - inaccurate historical voting power, inconsistent state
