Core Contracts

Summary

The RAACMinter contract adjusts its emission rate based on the system's instantaneous utilization rate, calculated as (totalBorrowed * 100) / totalDeposits. An attacker can temporarily inflate this utilization—by borrowing a large amount of assets just before the update—and then repay immediately afterward. This manipulation results in an artificially high emission rate that persists for the duration of the emission interval, potentially leading to unintended token inflation and economic distortion.

Vulnerability Details

1. Instantaneous Utilization Calculation:

   The contract computes the utilization rate using:

   function getUtilizationRate() internal view returns (uint256) {

   uint256 totalBorrowed = lendingPool.getNormalizedDebt();

   uint256 totalDeposits = stabilityPool.getTotalDeposits();

   if (totalDeposits == 0) return 0;

   return (totalBorrowed * 100) / totalDeposits;

   }

   This calculation only reflects the current state of the pool, making it vulnerable to transient changes.

2. Emission Rate Update:

   The updateEmissionRate() function updates the emission rate based on the current utilization:

   function updateEmissionRate() public whenNotPaused {

   if (emissionUpdateInterval > 0 && block.timestamp < lastEmissionUpdateTimestamp + emissionUpdateInterval) {

   revert EmissionUpdateTooFrequent();

   }

   uint256 newRate = calculateNewEmissionRate();

   emissionRate = newRate;

   lastEmissionUpdateTimestamp = block.timestamp;

   emit EmissionRateUpdated(newRate);

   }

   An attacker can trigger this function when the utilization is temporarily high.

3. Attack Scenario:

   • Preparation: An attacker temporarily increases totalBorrowed (e.g., via a flash loan or strategic borrowing) just before the emission update.

   • Trigger: The attacker (or a colluding party) calls updateEmissionRate() (or indirectly via tick()), causing the contract to use the inflated utilization rate.

   • Outcome: The emission rate is adjusted upward based on the manipulated high utilization.

   • Aftermath: The attacker repays the borrowed funds immediately after the update, but the increased emission rate remains in effect until the next scheduled update, leading to excessive RAAC token minting.

Impact

• Token Inflation:
  The manipulated emission rate can result in minting more RAAC tokens than intended, diluting the token supply and potentially harming token economics.

• Economic Distortion:
  An artificially high emission rate can lead to a misalignment between the token's intended distribution and the actual minted supply, adversely affecting stakeholders.

Proof-of-Concept (POC) Example

Assume:

• Normal Conditions:

  • totalBorrowed = 70 units

  • totalDeposits = 100 units

  • Utilization = (70 * 100) / 100 = 70%

• Attack Scenario:

  • Just before calling updateEmissionRate(), the attacker temporarily increases totalBorrowed to 90 units (e.g., via a flash loan).

  • New Utilization = (90 * 100) / 100 = 90%

• Effect:
  The contract computes a new emission rate based on 90% utilization rather than the true 70%. Once the attack is over and the borrowed assets are repaid, the emission rate remains inflated until the next update.

Tools Used

Manual review

Recommendations

1. Implement a Time-Weighted Average:

   • Use a time-weighted average of the utilization rate over several blocks or a moving average mechanism. This approach would smooth out transient spikes and mitigate flash loan attacks.

2. Introduce a Smoothing Mechanism:

   • Gradually adjust the emission rate rather than making abrupt changes based solely on the instantaneous utilization. This could involve setting maximum allowed changes per update interval.

3. Additional Validation Checks:

   • Validate that sudden changes in the utilization rate are consistent with historical data before applying a new emission rate. This might include comparing against a minimum observation period or checking for anomalies.

4. Restrict Update Triggering:

   • Consider limiting who can trigger the emission rate update or requiring additional checks to prevent manipulation during periods of temporary market imbalance.