Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Incorrect reward calculations in tick function

biakia

Summary

The tick function in the RAACMinter contract is responsible for minting RAAC tokens based on the current emission rate and the number of blocks since the last update. However, the function has a vulnerability where lastUpdateBlock is not updated when amountToMint is 0. This can lead to incorrect reward calculations when the emission rate transitions from 0 to a positive value, as the blocksSinceLastUpdate will include blocks during which no rewards were intended to be distributed. This can result in an unexpectedly large amountToMint, leading to unintended token minting.

Vulnerability Details

In the tick function, the lastUpdateBlock is not updated when amountToMint is 0:

if (amountToMint > 0) {
excessTokens += amountToMint;
lastUpdateBlock = currentBlock;
raacToken.mint(address(stabilityPool), amountToMint);
emit RAACMinted(amountToMint);
}

If the emission rate has transitioned from 0 to a positive value over time without updates to lastUpdateBlock, the difference in blocks will yield an unexpectedly large amountToMint, leading to excessive minting of RAAC tokens.

For example, if lastUpdateBlock was at 1000 when the last minting occurred, from block 1000 to block 1100, the emissionRate is set to 0. Then it updates the emission rate from 0 to a positive value (e.g., by a separate function call that adjusts parameters), they can call tick at block 1101. If no tokens are supposed to be minted in the interim, the calculation will still take into account 101 blocks due to the lack of an update to lastUpdateBlock. In this circumstance, the amountToMint would be calculated as:

uint256 amountToMint = emissionRate * blocksSinceLastUpdate; // (1101 - 1000) = 101

The emissionRate could inadvertently produce a significant number of tokens (e.g., if emissionRate is 100 RAAC/block, this would result in 10,100 RAAC tokens minted when it shouldn't have been).

Impact

  • Unexpected Token Minting: When emissionRate transitions from 0 to a positive value, the contract may mint a large number of tokens, which can disrupt the tokenomics and lead to unintended inflation.

  • Inaccurate Reward Distribution: The rewards will not be accurately distributed based on the intended emission schedule, leading to potential unfairness and loss of trust in the system.

The impact is High, the likelihood is Medium, so the severity is High.

Tools Used

Manual Review

Recommendations

To fix this vulnerability, we need to ensure that lastUpdateBlock is updated every time the tick function is called, regardless of whether amountToMint is 0. This ensures that blocksSinceLastUpdate only includes blocks since the last call to tick.

function tick() external nonReentrant whenNotPaused {
// Update emission rate if the interval has passed
if (emissionUpdateInterval == 0 || block.timestamp >= lastEmissionUpdateTimestamp + emissionUpdateInterval) {
updateEmissionRate();
}
// Always update lastUpdateBlock to the current block number
uint256 currentBlock = block.number;
uint256 blocksSinceLastUpdate = currentBlock - lastUpdateBlock;
lastUpdateBlock = currentBlock; // Update lastUpdateBlock regardless of amountToMint
// Calculate and mint the amount if emissionRate is greater than 0
if (emissionRate > 0 && blocksSinceLastUpdate > 0) {
uint256 amountToMint = emissionRate * blocksSinceLastUpdate;
if (amountToMint > 0) {
excessTokens += amountToMint;
raacToken.mint(address(stabilityPool), amountToMint);
emit RAACMinted(amountToMint);
}
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.