Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Unrestricted Access in `RAACMinter::updateEmissionRate` Causes Token Accounting Mismatch

zgczgc

Summary

The RAACMinter::updateEmissionRate function is accessible to anyone and updates the emission rate without minting RAAC tokens for the stability pool corresponding to the previous emission phase. For example:

Phase 1: Blocks 100-200 with 50% emission rate
Phase 2: Blocks 200-300 with 60% emission rate
Current implementation calculates amountToMint as (300-100)*60% instead of (200-100)*50% + (300-200)*60%.Causing discrepancies between the quantities calculated externally via RAACMinter::getEmissionRate and the actual amounts.

Vulnerability Details

function updateEmissionRate() public whenNotPaused { <==@found

if (emissionUpdateInterval > 0 && block.timestamp < lastEmissionUpdateTimestamp + emissionUpdateInterval) {

revert EmissionUpdateTooFrequent();

}

uint256 newRate = calculateNewEmissionRate();

emissionRate = newRate;

lastEmissionUpdateTimestamp = block.timestamp;

emit EmissionRateUpdated(newRate);

}

Impact

Accounting Discrepancy: Stability pool receives incorrect RAAC token balances
Emission Distortion: Historical emission periods become mathematically unreconcilable

Tools Used

Manual Review

Recommendations

Change the visibility of the RAACMinter::updateEmissionRate function to internal.:

- function updateEmissionRate() public whenNotPaused {

+ function updateEmissionRate() internal whenNotPaused {

if (emissionUpdateInterval > 0 && block.timestamp < lastEmissionUpdateTimestamp + emissionUpdateInterval) {

revert EmissionUpdateTooFrequent();

}

uint256 newRate = calculateNewEmissionRate();

+ tick();

emissionRate = newRate;

lastEmissionUpdateTimestamp = block.timestamp;

emit EmissionRateUpdated(newRate);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!