Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Race condition in `Treasury::allocateFunds()`

056Security

Summary

The Treasury contract manages protocol treasury funds with role-based access control. It allows allocators to give specific fund allocations for users to spend. However, the current implementation, allows for users to front-run changes being made.

Vulnerability Details

Currently, the allocateFunds directly sets a new value for the user's allocation:

function allocateFunds(
address recipient,
uint256 amount
) external override onlyRole(ALLOCATOR_ROLE) {
if (recipient == address(0)) revert InvalidRecipient();
if (amount == 0) revert InvalidAmount();
@> _allocations[msg.sender][recipient] = amount; // @audit - user can fron-run, use up the current allocation, and then use up the new one
emit FundsAllocated(recipient, amount);
}

This could lead to users front-running updates and for example, when the allocator wants to decrease an allocation, the user uses up his current allocation, then gets a new one set, eventually being able to spend more than what was meant for him.

Impact

Users front-run allocation decreases.

Tools Used

Manual review

Recommendations

Check the current user allocation, and then either increase it or decrease it.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Treasury::allocateFunds should increase or decrease funds to avoid recipient frontrunning and double spending

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!