Core Contracts

Summary

The contract defines a constant BLOCKS_PER_DAY with a value of 7200, assuming a 12-second block time (typical for Ethereum). However, if the contract is deployed on a different chain (e.g., Base, Arbitrum, or any other chain with a different block time), the emissions schedule calculations will be incorrect. This hardcoding can lead to unintended emission rates and economic imbalances in the protocol.

Vulnerability Details

1. Assumption of Block Time:

   The contract sets:

   uint256 public constant BLOCKS_PER_DAY = 7200; // Assuming 12-second block time

   This value is used in multiple places (e.g., calculating the initial emission rate, minimum and maximum emission rates). It implicitly assumes that there are 7200 blocks per day, which is true only for blockchains with a 12-second block time.

2. Impact on Emission Calculations:

   • Incorrect Emission Rate:
     For chains with faster block times (more blocks per day), the emission rate per block will be lower than intended, leading to lower-than-expected daily emissions.
     For chains with slower block times (fewer blocks per day), the emission rate per block will be higher, resulting in higher daily emissions than intended.

   • Economic Imbalance:
     The miscalculation may cause the protocol to under- or over-mint RAAC tokens, disrupting the intended economic incentives, reward distributions, and overall system stability.

3. Chain Specificity:

   The hardcoded constant does not allow the contract to adapt to different blockchain environments. For example, if deployed on Base (where the block time might differ from 12 seconds), the calculated emissions will not match the protocol’s design assumptions.

Proof-of-Concept (POC) Example

Assume the following:

• The contract is deployed on a blockchain where the average block time is 4 seconds.

• Actual blocks per day on this chain:
  $$
  \frac{86400 \text{ seconds per day}}{4 \text{ seconds per block}} = 21600 \text{ blocks per day}
  $$

Given:

• Initial Rate: INITIAL_RATE = 1000 * 1e18 RAAC per day.

• Hardcoded BLOCKS_PER_DAY: 7200

Expected Emission Rate on a 4-second Block Time Chain:

• The intended per-block emission (if designed for a 4-second block time) should be:
  $$
  \frac{1000 \times 1e18}{21600} \approx 0.0463 \times 1e18 \text{ RAAC per block}
  $$

Actual Emission Rate with Hardcoded Value:

• Using the hardcoded value, the contract calculates:
  $$
  \text{emissionRate} = \frac{1000 \times 1e18}{7200} \approx 0.1389 \times 1e18 \text{ RAAC per block}
  $$

Outcome:

• The per-block emission rate is three times higher than intended on a chain with a 4-second block time.

• Over the course of a day, this would lead to minting:
  $$
  0.1389 \times 1e18 \times 21600 \approx 3000 \times 1e18 \text{ RAAC tokens}
  $$
  instead of the intended 1000 RAAC per day.

Impact

• Economic Disruption:
  The miscalculation will lead to excessive RAAC token emissions on chains with faster block times, diluting token value and disrupting economic incentives.

• Reward Distribution Issues:
  Rewards distributed based on the emission rate may be significantly skewed, affecting stakeholders who rely on the correct token emission schedule.

• Cross-Chain Incompatibility:
  Deploying the contract on chains with different block times without adjusting BLOCKS_PER_DAY may result in unintended behavior, making the protocol less flexible and robust in multi-chain environments.

Tools Used

Manual review

Recommendations

1. Parameterize Block Time:

   • Remove the hardcoded value and allow BLOCKS_PER_DAY to be set during deployment or updated via a governance mechanism. This change would enable the contract to adapt to different blockchain environments.

2. Dynamic Block Estimation:

   • Consider implementing an on-chain mechanism to estimate the average block time and adjust the emission rate accordingly. While more complex, this approach can provide a robust solution for varying block times.