Drain RAAC Token Rewards
Summary
The StabilityPool calculates rewards only based on deposited token balance and ignores duration, allowing users to deposit and withdraw RTokens immediately. During withdrawal, users receive RAAC token rewards, enabling them to earn rewards without any commitment.
Vulnerability Details
The StabilityPool::calculateRaacRewards() calculates rewards only based on deposited token balance. The exchange rate between RTokens and DETokens is fixed at 1:1. The contract does not enforce any cooldown or lock-up period for deposited RTokens, meaning users can withdraw their tokens immediately after depositing them.
During the withdrawal process, the contract distributes RAAC token rewards to users based on their deposited amount but ignores the duration of their deposit. Since there is no lock-up period, users can exploit this by repeatedly depositing and withdrawing RTokens to claim rewards.
Impact
Drain of RAAC rewards.
Tools Used
vscode
Recommendations
Modify the reward calculation logic to account for the duration of the deposit.
Lead Judging Commences
StabilityPool::calculateRaacRewards is vulnerable to just in time deposits
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.