Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Emission Rate Reset Failure Halts RAAC Token Minting Post-Emergency Shutdown

invcbull

Summary

The RAACMinter contract’s emergencyShutdown function sets the emission rate (ER) to 0 and pauses the contract. When the contract is later unpaused without a manual or automated reset, ER remains at 0. As a result, the tick() function mints no new RAAC tokens, and the StabilityPool’s reward distribution—which is based on the RAAC tokens held by the pool—ceases. Consequently, users receive significantly lower rewards or none at all.

Vulnerability Details

Root Cause:
The emergencyShutdown function in RAACMinter sets emissionRate to 0 without preserving or automatically restoring its previous value upon unpausing. The tick() function then calculates minted tokens as:

amountToMint = emissionRate * blocksSinceLastUpdate;

With ER at 0, no tokens are minted. Since the StabilityPool’s reward distribution depends on the RAAC tokens present in the pool, this halts the reward mechanism entirely.

Scenario Flow:

  1. Normal Operation:

    • RAACMinter mints RAAC tokens based on a healthy emission rate, which are deposited into the StabilityPool, ensuring continuous reward distribution.

  2. Emergency Shutdown:

    • An admin triggers emergencyShutdown, setting emissionRate to 0 and pausing RAACMinter.

  3. Unpause Without Reset:

    • The contract is unpaused; however, emissionRate remains 0.

  4. Resulting Impact:

    • Subsequent user actions in the StabilityPool (deposit or withdrawal) invoke tick(), but with ER = 0, resulting in no RAAC tokens being minted. User rewards are therefore frozen immediately.

Impact

  • Immediate Halt in Rewards:
    Users will receive zero RAAC tokens after unpausing if the emission rate is not restored.

  • Significant Financial Loss:
    Users expecting steady rewards (e.g., 10 RAAC tokens per day) could miss out on hundreds of tokens over a short period.

  • Protocol Disruption:
    The complete cessation of reward minting may lead to user withdrawals, reducing pool liquidity and destabilizing the associated lending markets.

Tools Used

  • Manual Code Analysis

Recommendations

Reset the emission rate upon unpausing by preserving the pre-shutdown value and restoring it automatically. For example, modify the RAACMinter contract as follows:

function emergencyShutdown(bool updateLastBlock, uint256 newLastUpdateBlock) external onlyRole(DEFAULT_ADMIN_ROLE) {
- emissionRate = 0;
+ // Preserve current emission rate for restoration
+ previousEmissionRate = emissionRate;
+ emissionRate = 0;
_pause();
if (updateLastBlock) {
_setLastUpdateBlock(newLastUpdateBlock);
}
emit EmergencyShutdown(msg.sender, lastUpdateBlock);
}
function unpause(bool updateLastBlock, uint256 newLastUpdateBlock) external onlyRole(PAUSER_ROLE) {
_unpause();
+ // Restore emission rate automatically using the preserved value, or default to benchmarkRate if unavailable
+ emissionRate = previousEmissionRate > 0 ? previousEmissionRate : benchmarkRate;
+ emit EmissionRateRestored(emissionRate);
if (updateLastBlock) {
_setLastUpdateBlock(newLastUpdateBlock);
}
}

Additionally, ensure that updateEmissionRate() is invoked immediately upon unpausing to recalibrate the emission rate based on recent system data. This will guarantee continuous RAAC token minting and fair reward distribution in the StabilityPool.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.