Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Race condition in `Treasury::allocateFunds()`

056Security

Summary

The Treasury contract manages protocol treasury funds with role-based access control. It allows allocators to give specific fund allocations for users to spend. However, the current implementation, allows for users to front-run changes being made.

Vulnerability Details

Currently, the allocateFunds directly sets a new value for the user's allocation:

function allocateFunds(
address recipient,
uint256 amount
) external override onlyRole(ALLOCATOR_ROLE) {
if (recipient == address(0)) revert InvalidRecipient();
if (amount == 0) revert InvalidAmount();
@> _allocations[msg.sender][recipient] = amount; // @audit - user can fron-run, use up the current allocation, and then use up the new one
emit FundsAllocated(recipient, amount);
}

This could lead to users front-running updates and for example, when the allocator wants to decrease an allocation, the user uses up his current allocation, then gets a new one set, eventually being able to spend more than what was meant for him.

Impact

Users front-run allocation decreases.

Tools Used

Manual review

Recommendations

Check the current user allocation, and then either increase it or decrease it.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Treasury::allocateFunds should increase or decrease funds to avoid recipient frontrunning and double spending

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!