search

sherlock-audit / 2024-01-telcoin-judging

6 stars 5 forks source link

grearlake - Transaction can not be challenged during the pause, which can lead to transaction to be maliciously executed #212

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

grearlake

medium

Transaction can not be challenged during the pause, which can lead to transaction to be maliciously executed

Summary

When contract is paused, function challengeTransaction() is also paused, and there is no extended time after pausing, which could make malicious transaction executed

Vulnerability Detail

In the TelcoinDistributor contract, function challengeTransaction is used by council member to challenge the transaction in the challenge period:

function challengeTransaction(
    uint256 transactionId
) external onlyCouncilMember whenNotPaused {
    // Makes sure the id exists
    require(
        transactionId < proposedTransactions.length,
        "TelcoinDistributor: Invalid index"
    );

    // Reverts if the current time exceeds the sum of the transaction's timestamp and the challenge period
    require(
        block.timestamp <=
            proposedTransactions[transactionId].timestamp + challengePeriod,
        "TelcoinDistributor: Challenge period has ended"
    );

    // Sets the challenged flag of the proposed transaction to true
    proposedTransactions[transactionId].challenged = true;

    // Emits an event with the transaction ID and the challenger's address
    emit TransactionChallenged(transactionId, _msgSender());
}

It use whenNotPaused, which mean function can not be executed when contract is paused (when contract is hacked, ...), but there is no extend for the time when contract is paused, which can be seen at executeTransaction() function:

    require(
        block.timestamp >
            proposedTransactions[transactionId].timestamp + challengePeriod,
        "TelcoinDistributor: Challenge period has not ended"
    );

It only check if challengePeriod is passed or not, it do not calculate the time when contract is paused

Impact

Malicious transaction can be executed when contract is paused long enough

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L115-#L136

Tool used

Manual Review

Recommendation

Calculate the time when contract is paused when execute challenge

Duplicate of #24

sherlock-admin2 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because { This is also invalid due to the reason mentioned in issue 024}