Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Pending rewards not distributed before changing emission rate via setMinEmissionRate()

t0x1c

Description

The RAACMinter contract contains vulnerabilities around emission rate updates that can affect unclaimed rewards. The contract allows changing emission rates and parameters without ensuring proper distribution of pending rewards accrued under previous rates.

Initial emission rate is set and rewards start accruing:
Parameters can be updated while rewards are pending:

function setMinEmissionRate(uint256 _minEmissionRate) external onlyRole(UPDATER_ROLE) {

if (_minEmissionRate >= maxEmissionRate) revert InvalidMinEmissionRate();

uint256 oldRate = minEmissionRate;

minEmissionRate = _minEmissionRate;

emit MinEmissionRateUpdated(oldRate, _minEmissionRate);

}

function setMaxEmissionRate(uint256 _maxEmissionRate) external onlyRole(UPDATER_ROLE) {

if (_maxEmissionRate <= minEmissionRate) revert InvalidMaxEmissionRate();

uint256 oldRate = maxEmissionRate;

maxEmissionRate = _maxEmissionRate;

emit MaxEmissionRateUpdated(oldRate, _maxEmissionRate);

}

function setAdjustmentFactor(uint256 _adjustmentFactor) external onlyRole(UPDATER_ROLE) {

if (_adjustmentFactor == 0 || _adjustmentFactor > MAX_ADJUSTMENT_FACTOR) revert InvalidAdjustmentFactor();

uint256 oldFactor = adjustmentFactor;

adjustmentFactor = _adjustmentFactor;

emit AdjustmentFactorUpdated(oldFactor, _adjustmentFactor);

}

Rewards are distributed using current rates:

function tick() external nonReentrant whenNotPaused {

if (emissionUpdateInterval == 0 || block.timestamp >= lastEmissionUpdateTimestamp + emissionUpdateInterval) {

updateEmissionRate();

}

uint256 currentBlock = block.number;

uint256 blocksSinceLastUpdate = currentBlock - lastUpdateBlock;

if (blocksSinceLastUpdate > 0) {

@---> uint256 amountToMint = emissionRate * blocksSinceLastUpdate;

if (amountToMint > 0) {

excessTokens += amountToMint;

lastUpdateBlock = currentBlock;

raacToken.mint(address(stabilityPool), amountToMint);

emit RAACMinted(amountToMint);

}

Impact

Incorrect Reward Distribution:
- Users who accrued rewards under higher emission rates could receive less than expected if rates are lowered before claiming
- Users could receive more than intended if rates are increased before claiming
Economic Impact:
- Affects the StabilityPool rewards as rewards are minted directly to it
- Could lead to unfair distribution of protocol incentives

Mitigation

Force distribute any pending rewards first before updating with new values. This could mean ignoring the emissionUpdateInterval for this distribution.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!