Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`RAACReleaseOrchestrator.emergencyRevoke()` Transfers Revoked `raacToken`s to Incorrect Address

Summary

The `RAACReleaseOrchestrator.emergencyRevoke()` function incorrectly transfers revoked `raacToken`s to the `RAACReleaseOrchestrator` contract itself.

Vulnerability Details

The `RAACReleaseOrchestrator.emergencyRevoke()` function incorrectly transfers revoked `raacToken`s to `address(this)`. `address(this)` refers to the `RAACReleaseOrchestrator` contract itself, making this transfer meaningless.

```solidity
function emergencyRevoke(address beneficiary) external onlyRole(EMERGENCY_ROLE) {
    VestingSchedule storage schedule = vestingSchedules[beneficiary];
    if (!schedule.initialized) revert NoVestingSchedule();
    uint256 unreleasedAmount = schedule.totalAmount - schedule.releasedAmount;
    delete vestingSchedules[beneficiary];
    if (unreleasedAmount > 0) {
        // Self-transfer: sender and recipient are both this contract
        raacToken.transfer(address(this), unreleasedAmount);
        emit EmergencyWithdraw(beneficiary, unreleasedAmount);
    }
    emit VestingScheduleRevoked(beneficiary);
}
```

Impact

Revoked raacTokens are not transferred to the correct address.

Tools Used

Manual review

Recommendations

Transfer to the correct address.
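
The effect of the self-transfer can be checked with an accounting invariant. The following is an added example, not code from the submission or the RAAC project: a constructed in-memory model of the token ledger and the orchestrator, in which `ORCH`, `TREASURY`, `strandedBalance` and the sample schedules are assumptions made for illustration.

```javascript
// Constructed in-memory model (not the RAAC contracts): an ERC-20 style ledger plus
// an orchestrator holding vesting schedules. ORCH and TREASURY are hypothetical names.
const ORCH = "orchestrator";
const TREASURY = "treasury"; // hypothetical recipient for revoked tokens

function makeModel(schedules) {
  const balances = new Map([[ORCH, 0n]]);
  const vesting = new Map();
  for (const [who, total, released] of schedules) {
    vesting.set(who, { totalAmount: total, releasedAmount: released });
    balances.set(ORCH, balances.get(ORCH) + (total - released)); // fund unreleased part
  }
  return { balances, vesting };
}

// ERC-20 transfer semantics: debit sender, credit recipient (a self-transfer nets to zero).
function transfer(m, from, to, amount) {
  const bal = m.balances.get(from) ?? 0n;
  if (bal < amount) throw new Error("insufficient balance");
  m.balances.set(from, bal - amount);
  m.balances.set(to, (m.balances.get(to) ?? 0n) + amount);
}

// recipient = ORCH reproduces transfer(address(this), ...) from the report.
function emergencyRevoke(m, beneficiary, recipient) {
  const s = m.vesting.get(beneficiary);
  if (!s) throw new Error("NoVestingSchedule");
  const unreleased = s.totalAmount - s.releasedAmount;
  m.vesting.delete(beneficiary); // schedule is gone before any tokens move
  if (unreleased > 0n) transfer(m, ORCH, recipient, unreleased);
  return unreleased;
}

// Invariant: tokens held by the orchestrator minus what remaining schedules still owe.
// Anything above zero is held by the contract but claimable through no schedule.
function strandedBalance(m) {
  let owed = 0n;
  for (const s of m.vesting.values()) owed += s.totalAmount - s.releasedAmount;
  return m.balances.get(ORCH) - owed;
}

function scenario(recipient) {
  const m = makeModel([["alice", 1000n, 250n], ["bob", 400n, 0n]]); // constructed data
  const revoked = emergencyRevoke(m, "alice", recipient);
  return { revoked, stranded: strandedBalance(m), orch: m.balances.get(ORCH) };
}
```

Calling `scenario(ORCH)` models the reported behaviour and `scenario(TREASURY)` models a revoke that sends tokens to a separate recipient; the same invariant can be asserted in a Hardhat test against the deployed contracts.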

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACReleaseOrchestrator::emergencyRevoke sends revoked tokens to contract address with no withdrawal mechanism, permanently locking funds
