Submission Details
Severity:
Operation executed is not set to true for emergency actions.
Summary
Operation executed is not set to true for emergency actions.
Vulnerability Details
Following is execute emergency function
function executeEmergencyAction(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata calldatas,
bytes32 predecessor,
bytes32 salt
) external payable onlyRole(EMERGENCY_ROLE) nonReentrant {
bytes32 id = hashOperationBatch(targets, values, calldatas, predecessor, salt);
if (!_emergencyActions[id]) revert EmergencyActionNotScheduled(id);
delete _emergencyActions[id];
for (uint256 i = 0; i < targets.length; i++) {
(bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]);
if (!success) {
if (returndata.length > 0) {
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
}
revert CallReverted(id, i);
}
}
emit EmergencyActionExecuted(id);
}
As can be seen that operation executed to true is not set for emergency actions. Due to which this operation id can be executed again even after it has been executed.
Impact
Double executionof operation id can happen.
Tools Used
Recommendations
Set operation excuted to true.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
TimelockController.executeEmergencyAction doesn't mark operations as executed, allowing the same operation to be executed again through the regular path
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
TimelockController.executeEmergencyAction doesn't mark operations as executed, allowing the same operation to be executed again through the regular path
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.