`veRAACToken.sol` cannot be paused
Relevant Github Link
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/tokens/veRAACToken.sol#L103
Summary
veRAACToken.sol::paused cannot be modified due to the absence of a setter function, rendering the contract incapable of being paused under any circumstances.
Vulnerability Details
veRAACToken.sol::paused is the variable which indicate whether the contract is paused. Several functions are designed to revert when veRAACToken.sol::paused is set to true. However, since there is no setter function for this variable, its value remains perpetually false, preventing the contract from entering a paused state.
Impact
Without the ability to pause the contract, it cannot be halted during emergencies or critical situations, potentially exposing it to unforeseen risks.
Tools Used
Manual Review
Recommendations
Implement a setter function to allow authorized entities to modify the paused state as needed. This can be achieved by introducing a function, typically restricted to the contract’s owner or an authorized role, that updates the paused variable. For enhanced security and standardization, consider inheriting from OpenZeppelin’s Pausable contract, which provides built-in pause functionality
Lead Judging Commences
veRAACToken lacks the ability to configure `paused` variable
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.