Indefinite Rescheduling of Emergency Unlock
Summary
The scheduleEmergencyUnlock function permits the owner to continuously reset the emergency timelock, preventing the emergency unlock from ever executing.
Vulnerability Details
The scheduleEmergencyUnlock function resets the emergency timelock to the current block timestamp each time it is called without checking if the set timelock is still active. This behavior breaches the security guarantee that emergency actions occur only after a fixed minimum delay.
An attacker, acting as the owner, invokes the function repeatedly; each reset extends the waiting period, thereby permanently delaying the execution of executeEmergencyUnlock and blocking emergency withdrawals. This undermines the intended safety mechanism embedded in the contract.
Impact
Blocking emergency unlock indefinitely is effectively denying users their fallback option in a crisis. If the system is designed so that users rely on emergency unlock to protect or retrieve funds quickly, preventing it represents a severe disruption to a critical protocol function.
If the owner is malicious or compromised, calling scheduleEmergencyUnlock() in a timed loop is trivial. There’s no obscure condition required. Hence, it’s straightforward and “highly probable” if the owner (or whoever controls the owner keys) wishes to block the emergency unlock.
Tools Used
Manual Review
Recommendations
Implement a check within the scheduleEmergencyUnlock function to ensure that it cannot be called again until EMERGENCY_DELAY has passed since the previous schedule.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.