Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect Error Message on Time Lock Validation

0xdoko

Summary

The functions applyTreasuryUpdate and applyRepairFundUpdate incorrectly revert with UnauthorizedCaller() when the effective time has not yet been reached. This error message is misleading and does not accurately describe the condition being checked.

Vulnerability Details

In both applyTreasuryUpdate and applyRepairFundUpdate, the following line is used to enforce the time lock requirement:

if (block.timestamp < pendingTreasury.effectiveTime) revert UnauthorizedCaller();

and

if (block.timestamp < pendingRepairFund.effectiveTime) revert UnauthorizedCaller();

The issue is that UnauthorizedCaller() suggests that the function is being called by an unauthorized address, while in reality, the check is related to the time lock not having elapsed yet. A more appropriate error would indicate that the transaction is premature rather than unauthorized.

Impact

  • Misleading error messages can make debugging and incident response more difficult.

  • If external tools or scripts depend on specific error messages for handling, they may behave incorrectly.

Tools Used

Manual review

Recommendations

  • Replace the incorrect error message with a more accurate one.

  • Introduce a dedicated error, such as TimeLockNotElapsed(), to properly reflect the reason for failure.

Fixed Code Example

if (block.timestamp < pendingTreasury.effectiveTime) revert TimeLockNotElapsed();

and

if (block.timestamp < pendingRepairFund.effectiveTime) revert TimeLockNotElapsed();

This ensures that the error message correctly represents the condition being checked.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.