# 51276 sc low arctokenpurchase re enabling active token sales causes accounting corruption and token loss **Submitted on Aug 1st 2025 at 11:08:35 UTC by @rilwan99 for** [**Attackathon | Plume Network**](https://immunefi.com/audit-competition/plume-network-attackathon) * **Report ID:** #51276 * **Report Type:** Smart Contract * **Report severity:** Low * **Target:** * **Impacts:** * Permanent freezing of funds ## Description ### Brief / Intro The `ArcTokenPurchase.enableToken()` function lacks validation to prevent re-enabling already enabled tokens, which leads to accounting inconsistencies and Arc Tokens being permanently locked in the contract.
Vulnerability Details The vulnerability exists in the `enableToken()` function in ArcTokenPurchase.sol: ```solidity function enableToken( address _tokenContract, uint256 _numberOfTokens, uint256 _tokenPrice ) external onlyTokenAdmin(_tokenContract) { // ... validation checks ... // No check if token is already enabled ps.tokenInfo[_tokenContract] = TokenInfo({ isEnabled: true, tokenPrice: _tokenPrice, totalAmountForSale: _numberOfTokens, // Overwrites previous value amountSold: 0 // Resets to 0, losing previous sales data }); ps.enabledTokens.add(_tokenContract); emit TokenSaleEnabled(_tokenContract, _numberOfTokens, _tokenPrice); } ``` No validation checks if the token is already enabled. The assignment completely replaces the existing `TokenInfo` struct, losing all previous state including sales history and actual token availability.
## Impact Details * Token Loss: Unsold tokens become permanently locked when `amountSold` resets to 0. * Accounting Mismatch: Mismatch between actual contract balance and recorded availability.
References
## Proof of Concept {% stepper %} {% step %} ### Initial Setup * Admin calls `enableToken(tokenAddr, 100e18, 10e6)` // 100 tokens at $10 each * Contract receives 100 Arc Tokens * State: `totalAmountForSale = 100e18, amountSold = 0, isEnabled = true` {% endstep %} {% step %} ### Users Purchase Tokens * User1 calls `buy(tokenAddr, 200e6, 20e18)` // Buys 200 tokens * User2 calls `buy(tokenAddr, 200e6, 20e18)` // Buys 200 tokens * State after sales: `totalAmountForSale = 100e18, amountSold = 40e18, isEnabled = true` * Remaining for sale: `60e18` Arc tokens {% endstep %} {% step %} ### Token Admin Re-enables (Bug Trigger) * Admin calls `enableToken(tokenAddr, 50e18, 20e6)` // Admin wants to change price * State becomes: `totalAmountForSale = 50e18, amountSold = 0, isEnabled = true` // OVERWRITTEN * Contract still holds 60 Arc Tokens, but accounting shows only 50 available Impact: 10 Arc Tokens (60e18 - 50e18) are left permanently stuck in the contract and not accounted for. There is no way to withdraw/recover these funds. {% endstep %} {% endstepper %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/plume-or-attackathon/51276-sc-low-arctokenpurchase-re-enabling-active-token-sales-causes-accounting-corruption-and-token.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.