Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

`veRAACToken::lock` and `veRAACToken::increase` don't check `MAX_TOTAL_LOCKED_AMOUNT`, breaking protocol limits

Summary

The `veRAACToken` contract declares a constant named `MAX_TOTAL_LOCKED_AMOUNT` with the following documentation:

@notice Maximum total amount that can be locked globally

`veRAACToken::lock` has no such check at all, while `veRAACToken::increase` has one, but it is commented out.

[veRAACToken::increase](https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/libraries/governance/LockManager.sol#L163-L164)

Vulnerability Details

Although the constant is declared and has a clearly documented role, it is never enforced. This breaks the protocol design by allowing the total locked amount to exceed the intended global cap.

Impact

Users can take advantage of the unlimited locking to deposit more RAAC tokens than the protocol intended and push votes in a direction that is more favorable to them.

Tools Used

Code Review

Recommendations

Ensure `MAX_TOTAL_LOCKED_AMOUNT` is actually enforced so the total locked amount stays within the cap, for example:

```solidity
function lock(uint256 amount, uint256 duration) external nonReentrant whenNotPaused {
    if (amount == 0) revert InvalidAmount();
    if (amount > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
    if (totalSupply() + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
    if (duration < MIN_LOCK_DURATION || duration > MAX_LOCK_DURATION)
        revert InvalidLockDuration();
    // Added check: include the incoming amount so the last lock cannot overshoot the cap.
    if (raacToken.balanceOf(address(this)) + amount > MAX_TOTAL_LOCKED_AMOUNT)
        revert AmountExceedsLimit();
    raacToken.safeTransferFrom(msg.sender, address(this), amount);
```
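The same cap has to be applied on both entry points that move tokens into the contract. The following is an added illustration written for this report, not RAAC's code: contract name, cap values and the `totalLocked` accumulator are assumptions, and lock duration handling is omitted to keep the focus on the cap.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative only (not the RAAC implementation).
contract CappedLockExample {
    using SafeERC20 for IERC20;

    uint256 public constant MAX_TOTAL_LOCKED_AMOUNT = 1_000_000e18; // placeholder value
    uint256 public constant MAX_LOCK_AMOUNT = 10_000e18;            // placeholder value

    IERC20 public immutable raacToken;
    // Tracked in state so that tokens sent to the contract outside lock()/increase()
    // do not count against the cap the way balanceOf(address(this)) would.
    uint256 public totalLocked;
    mapping(address => uint256) public locked;

    error InvalidAmount();
    error AmountExceedsLimit();
    error TotalLockedLimitExceeded();

    constructor(IERC20 token) { raacToken = token; }

    /// Include the incoming amount so the final lock cannot overshoot the cap.
    function _checkGlobalCap(uint256 amount) internal view {
        if (totalLocked + amount > MAX_TOTAL_LOCKED_AMOUNT) revert TotalLockedLimitExceeded();
    }

    function lock(uint256 amount) external {
        if (amount == 0) revert InvalidAmount();
        if (amount > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
        _checkGlobalCap(amount);
        totalLocked += amount;
        locked[msg.sender] += amount;
        raacToken.safeTransferFrom(msg.sender, address(this), amount);
    }

    function increase(uint256 amount) external {
        if (amount == 0) revert InvalidAmount();
        if (locked[msg.sender] + amount > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
        _checkGlobalCap(amount); // same global cap on the second entry point
        totalLocked += amount;
        locked[msg.sender] += amount;
        raacToken.safeTransferFrom(msg.sender, address(this), amount);
    }
}
```

A unit test that locks up to the cap and then asserts the next `lock` and `increase` both revert with `TotalLockedLimitExceeded` is the quickest way to confirm the constant is live on both paths.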
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`veRAACToken::lock` function doesn't check MAX_TOTAL_LOCKED_AMOUNT
