Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Missing Emergency Pause Mechanism Could Prevent Critical Vulnerability Remediation

princekay

Description

While the contract implements a whenActive modifier, it lacks a comprehensive emergency pause mechanism that could be crucial in responding to critical vulnerabilities or unexpected issues. This limitation could prevent timely response to security incidents.

Affected code

function buy(uint256 amount) external whenActive {

require(amount <= state.totalRemaining, "Not enough ZENO remaining");

uint256 price = getPrice();

// ... rest of the function

}

Vulnerability details

The whenActive modifier provides basic control but lacks:
- Emergency pause functionality
- Graduated pause levels for different functions
- Clear pause/unpause access controls
- Events for pause state changes
In case of a critical vulnerability, the team would be unable to quickly pause operations
No mechanism exists to pause specific high-risk functions while keeping others operational

Tools Used

Manual Review

Recommended Mitigation Steps

Implement OpenZeppelin's Pausable contract:

import "@openzeppelin/contracts/security/Pausable.sol";

contract ZENOAuction is Pausable {

function buy(uint256 amount) external whenActive whenNotPaused {

// ... existing function code

}

function pause() external onlyOwner {

_pause();

}

function unpause() external onlyOwner {

_unpause();

}

Add events for pause/unpause actions
Implement tiered pause functionality for different severity levels
Add timelock for unpause actions to prevent hasty resumption

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.