Core Contracts

Summary

The RAACMinter.sol::tick() function updates the emission rate before calculating and minting tokens for past blocks. This causes tokens to be minted using the new emission rate for blocks that should have used the previous rate, leading to incorrect token emissions.

Vulnerability Details

In RAACMinter.sol, the tick() function performs two main operations:

1. Updates the emission rate if the update interval has passed

2. Mints tokens for blocks that have passed since the last update

The issue is that after updating the emission rate, it uses this new rate to calculate emissions for blocks that occurred during the previous period. These past blocks should be calculated using the rate that was in effect during their period.

For example:

• Day 1: Rate is 1000 tokens/block

• Day 2: Rate changes to 1100 tokens/block

• When tick() is called on Day 2, it will mint (1100 * blocks_in_day1) tokens for Day 1's blocks, instead of (1000 * blocks_in_day1)

Impact

• If emission rate increases: Past blocks receive more tokens than intended

• If emission rate decreases: Past blocks receive fewer tokens than intended

Likelihood

High - This will occur every time the emission rate changes and tick() is called, which is a core function of the protocol.

Proof of Concept

N/A - sufficient information provided in Vulnerability Details

Recommendations

Modify the tick() function to:

1. Calculate and mint rewards for past blocks using the old emission rate

2. Then update the emission rate for future blocks

Thereafter, it is important to consider that emergencyShutdown() resets emissionRate to 0, therefore a check for after emrgencyShutdown() being called should be placed to update() the emissionRate so no rewards are missed on day 1 after the protocol restart.