Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Protocol Vulnerability Report: Base Supply Tracking Failure

Component: Boost Management System

Severity: High (Fundamental Metric Corruption)

Executive Summary

The protocol's boost management system fails to track the base supply metric during user boost operations. This results in corrupted pool accounting where only boosted ("virtual") supplies are recorded, while the actual underlying asset amounts remain untracked. This defect fundamentally undermines the protocol's ability to assess real pool liquidity and properly calculate critical financial metrics.


Technical Analysis

1. Vulnerability Details

  • Affected Function: updateUserBoost(address user, address pool)

  • Error Type: Omission of State Update

  • Impacted Metric: PoolBoostData.baseSupply

  • Risk Category: Accounting Integrity Failure

2. Code Demonstration

Current Implementation (Flawed)

function updateUserBoost(address user, address pool) external {
    // ... existing boost calculations ...
    PoolBoostData storage poolData = poolBoosts[pool];
    // ONLY updates boosted metrics ❌
    poolData.totalBoost += newBoost;
    poolData.workingSupply += newBoost;
    // MISSING base supply update ❌
    // poolData.baseSupply should track raw assets
}

Test Case Evidence

function testBaseSupplyTrackingFails() public {
    // Initial check
    (, , uint256 initialBaseSupply, ) = boostController.getPoolBoost(pool);
    assertEq(initialBaseSupply, 0, "Initial base supply should be 0");
    // Execute boost update
    vm.prank(user1);
    boostController.updateUserBoost(user1, pool);
    // Post-update verification
    (, , uint256 finalBaseSupply, ) = boostController.getPoolBoost(pool);
    // Test fails here ❌
    assertGt(finalBaseSupply, 0, "Base supply remains untracked");
}

3. Observed Behavior

4. Impact Analysis

Direct Consequences:

  • Fee calculations based on inflated boosted supplies

  • Reward distributions disproportionate to real assets

  • Incorrect liquidity risk assessments

Systemic Risks:

graph TD
A[Missing Base Tracking] --> B[Distorted TVL Metrics]
A --> C[Inaccurate APR Calculations]
A --> D[Faulty Risk Modeling]
B --> E[User Mistrust]
C --> F[Economic Imbalances]
D --> G[Protocol Insolvency Risk]

Recommended Fix

Code Implementation

function updateUserBoost(address user, address pool) external {
    // ... existing boost calculations ...
    PoolBoostData storage poolData = poolBoosts[pool];
    // Update boosted metrics
    poolData.totalBoost += newBoost;
    poolData.workingSupply += newBoost;
    // FIX: Add base supply tracking ✅
    uint256 userBase = IERC20(poolToken).balanceOf(user);
    poolData.baseSupply += userBase;
    emit BaseSupplyUpdated(pool, poolData.baseSupply);
}

Verification Logic

function testBaseSupplyTrackingSuccess() public {
    uint256 initialBalance = poolToken.balanceOf(user1);
    vm.prank(user1);
    boostController.updateUserBoost(user1, pool);
    (, , uint256 finalBaseSupply, ) = boostController.getPoolBoost(pool);
    // Validate base tracking
    assertEq(
        finalBaseSupply,
        initialBalance,
        "Base supply should match actual user balance"
    );
}

Conclusion

This vulnerability represents a critical failure in fundamental accounting mechanisms. The lack of base supply tracking creates systemic inaccuracies that propagate through all financial subsystems of the protocol. Immediate remediation is required before protocol deployment to prevent permanent metric corruption.

Recommendation Priority: Critical (Requires Emergency Fix)
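
Added example (not part of the submission and not RAAC's code): a minimal Solidity model of the base-supply accounting from the Recommended Fix, extended beyond the single-call test to repeated calls for the same user by swapping out the user's previously recorded base amount rather than adding the full balance again. The recordedBase mapping, the userBase and newBoost parameters, and the two check functions are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative model only; not the RAAC BoostController.
contract BoostAccountingModel {
    struct PoolBoostData {
        uint256 totalBoost;
        uint256 workingSupply;
        uint256 baseSupply;
    }

    mapping(address => PoolBoostData) public poolBoosts;
    // Hypothetical bookkeeping: base amount last recorded per pool and user.
    mapping(address => mapping(address => uint256)) public recordedBase;

    // userBase stands in for IERC20(poolToken).balanceOf(user) and newBoost
    // for the elided boost calculation; both are passed in to stay offline.
    function updateUserBoost(address user, address pool, uint256 userBase, uint256 newBoost) public {
        PoolBoostData storage poolData = poolBoosts[pool];

        // Boosted metrics, as in the snippets above.
        poolData.totalBoost += newBoost;
        poolData.workingSupply += newBoost;

        // Swap the user's old contribution for the current one, so a second
        // call with an unchanged balance leaves baseSupply unchanged.
        uint256 oldBase = recordedBase[pool][user];
        poolData.baseSupply = poolData.baseSupply - oldBase + userBase;
        recordedBase[pool][user] = userBase;
    }

    // Invariant for tests: baseSupply equals the sum of recorded user bases.
    function baseSupplyMatches(address pool, address[] calldata users) external view returns (bool) {
        uint256 sum;
        for (uint256 i = 0; i < users.length; i++) {
            sum += recordedBase[pool][users[i]];
        }
        return sum == poolBoosts[pool].baseSupply;
    }

    // Constructed scenario on a fresh pool: one user, balance 100, updated twice.
    function repeatedCallKeepsBase(address user, address pool) external returns (bool) {
        updateUserBoost(user, pool, 100, 10);
        updateUserBoost(user, pool, 100, 0);
        return poolBoosts[pool].baseSupply == 100;
    }
}
```

In a test suite, baseSupplyMatches can be asserted after every call sequence, with the list of users that have been updated for that pool.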

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
