Submission Details
Severity:
Missing distribute RAAC to managers
Summary
Missing distribute RAAC to managers
Vulnerability Details
In stabilityPool, the owner can add some managers. These managers take the responsibility to liquidate unhealthy positions.
function liquidateBorrower(address userAddress) external onlyManagerOrOwner nonReentrant whenNotPaused {
}
modifier onlyManagerOrOwner() {
if (!managers[msg.sender] && msg.sender != owner()) revert UnauthorizedAccess();
_;
}
As one kind of incentive, we will distribute some RAAC tokens to these managers according to different managers' allocation. The problem is that the related implementation is missing.
function depositRAACFromPool(uint256 amount) external onlyLiquidityPool validAmount(amount) {
uint256 preBalance = raacToken.balanceOf(address(this));
raacToken.safeTransferFrom(msg.sender, address(this), amount);
uint256 postBalance = raacToken.balanceOf(address(this));
if (postBalance != preBalance + amount) revert InvalidTransfer();
// TODO: Logic for distributing to managers based on allocation
emit RAACDepositedFromPool(msg.sender, amount);
}
Impact
Managers will fail to receive their expected RAAC rewards.
Tools Used
Manual
Recommendations
Add the related implementation in depositRAACFromPool().
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool::calculateRaacRewards uses contract balance for reward calculation, incorrectly including tokens meant for manager allocation - Manager allocation not implemented
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool::calculateRaacRewards uses contract balance for reward calculation, incorrectly including tokens meant for manager allocation - Manager allocation not implemented
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.