Closed sherlock-admin2 closed 9 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is like a veto and can only be done by council members ; they can veto it and it will never pass; i believe its an intended behavior}
ravikiran.web3
medium
TelcoinDistributor::challengeTransaction() will block the transaction permanently
Summary
Challenger can challenge a proposed transaction. Once challenged, it is permanently blocked.
Vulnerability Detail
When challenger challenges a proposed transaction with in specified window, the challenged flag is set to true. The executor will revert if a transaction is having challenged flag as true.
There is no other mechanism provided in the contract to release the challenged state.
Impact
Challenged transactions are permanently blocked.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L115-L136
During execute transaction, if the transaction challenged is flagged as true, it will revert.
Tool used
Manual Review
Recommendation
It is not clear if challenge is more like a permanent block. There should be a mechanism to release the transaction if challenge is taken back, but such implementation is not apparent from the code base.
Duplicate of #142