Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

MAX_TOTAL_SUPPLY limitation can be bypassed

Summary

MAX_TOTAL_SUPPLY limitation can be bypassed

Vulnerability Details

veRAACToken defines a MAX_TOTAL_SUPPLY constant that caps the total supply of veRAAC tokens. When a position is locked, lock() checks this cap so that the total veRAAC supply cannot exceed MAX_TOTAL_SUPPLY.

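```solidity
function lock(uint256 amount, uint256 duration) external nonReentrant whenNotPaused {
    // Per-lock size limit
    if (amount > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
    // Global supply cap: only enforced here, on the lock() path
    if (totalSupply() + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
    // ... (rest of lock() not shown in this excerpt)
}
```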

The problem is that increasing or extending an existing position can also mint additional veRAAC tokens, but neither increase() nor extend() checks the MAX_TOTAL_SUPPLY cap.

Impact

The MAX_TOTAL_SUPPLY limitation can be bypassed via increase() or extend().

Tools Used

Manual

Recommendations

Add the same cap check to increase() and extend().
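One way to apply this recommendation is to route every supply-creating path through a single capped mint helper. The contract below is an added example, not the veRAACToken source: the contract name, the `_mintDeltaCapped` helper, the power formula (amount * duration / MAX_DURATION, no decay) and all constants are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Accounting-only model, NOT the veRAACToken source. Assumed: power is
// amount * duration / MAX_DURATION, no decay, no token transfers.
// All constants are constructed values.
contract CappedLockModel {
    uint256 public constant MAX_TOTAL_SUPPLY = 1_000e18;
    uint256 public constant MAX_DURATION = 1460 days;

    struct Lock { uint256 amount; uint256 duration; }
    mapping(address => Lock) public locks;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    error TotalSupplyLimitExceeded();
    error InvalidLock();

    // Single choke point: recompute the user's power, mint only the increase,
    // and revert if that increase would push totalSupply past the cap.
    function _mintDeltaCapped(address user) internal {
        Lock memory l = locks[user];
        if (l.amount == 0 || l.duration == 0 || l.duration > MAX_DURATION) revert InvalidLock();
        uint256 newPower = (l.amount * l.duration) / MAX_DURATION;
        uint256 minted = newPower - balanceOf[user]; // amount and duration only grow in this model
        if (totalSupply + minted > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
        totalSupply += minted;
        balanceOf[user] = newPower;
    }

    function lock(uint256 amount, uint256 duration) external {
        if (locks[msg.sender].amount != 0) revert InvalidLock();
        locks[msg.sender] = Lock(amount, duration);
        _mintDeltaCapped(msg.sender);
    }

    // Same cap as lock(): a revert here also rolls back the amount update.
    function increase(uint256 amount) external {
        if (locks[msg.sender].amount == 0 || amount == 0) revert InvalidLock();
        locks[msg.sender].amount += amount;
        _mintDeltaCapped(msg.sender);
    }

    // Extending mints the extra power from the longer duration, so it is capped too.
    function extend(uint256 newDuration) external {
        Lock storage l = locks[msg.sender];
        if (l.amount == 0 || newDuration <= l.duration) revert InvalidLock();
        l.duration = newDuration;
        _mintDeltaCapped(msg.sender);
    }
}
```

In this model the cap is checked against the power actually minted rather than the raw locked amount; whether that matches the real contract's accounting is an assumption to confirm against its source.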

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect `MAX_TOTAL_SUPPLY` check in the `veRAACToken::lock/extend` function of `veRAACToken` could harm locking functionality
