Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: medium
Valid

Low findings

L-1

UpdatePeriod() in the BaseGauge.sol can be called only by the Controller contract, but it is never called, which means that the updatePeriod() function is unusable.

L-2

In the setInitialWeight the calculation for nextPeriodStart adds 2, which means it will not calculated when the next period is going to begin, instead it will calculated for the next one

e.g. if we are at the first period it will calculate for the third one

uint256 periodDuration = getPeriodDuration(); // 7 days or month
uint256 currentTime = block.timestamp;
uint256 nextPeriodStart = ((currentTime / periodDuration) + 2) * periodDuration; //@audit why by 2, not by 1? - low

TimeWeightedAverage.createPeriod(
periodState.votingPeriod,
nextPeriodStart,
periodDuration,
weight,
10000 // WEIGHT_PRECISION
);

L-3

TypePeriod mapping in the GaugeController.sol is never used

L-4

mintRewards() in the RAACMinter.sol can be called only by the stabilityPool, but is never called, which means that the mintRewards() function is unusable.

L-5

In the LendingPool.sol all users can use initiateLiquidation() to say that another user has to be liquidated, as the all other lending/borrowing protocols are doing. However, the users that uses initiateLiquidation() won't receive any rewards for doing that, which means they don't have any value to say that someone has to be liquidated. As a result, the managers and the owner has to watch all of the users that has to be liquidated.

Updates

Lead Judging Commences

inallhonesty Lead Judge
5 months ago
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused

BaseGauge::updatePeriod uses ((currentTime / periodDuration) + 2) calculation causing entire reward periods to be skipped, resulting in permanent loss of user rewards

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused

BaseGauge::updatePeriod uses ((currentTime / periodDuration) + 2) calculation causing entire reward periods to be skipped, resulting in permanent loss of user rewards

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.