Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Increasing an existing lock will inadvertently revert

Summary

Incorrect subtraction of newPower and balanceOf will sometimes revert due to an underflow.

Details

Invoking increase allows a user to deposit more RAACToken to increase their voting power. The flow calculates their current decayed power and adds the new amount to it. At the end, additional veRAAC tokens are minted.

    LockManager.Lock memory userLock = _lockState.locks[msg.sender];
    // Power is recalculated over the new total amount and the existing end time
    (int128 newBias, int128 newSlope) = _votingState.calculateAndUpdatePower(
        msg.sender,
        userLock.amount + amount,
        userLock.end
    );
    uint256 newPower = uint256(uint128(newBias));
    _checkpointState.writeCheckpoint(msg.sender, newPower);
    raacToken.safeTransferFrom(msg.sender, address(this), amount);
    // Checked subtraction: reverts when newPower < balanceOf(msg.sender)
    _mint(msg.sender, newPower - balanceOf(msg.sender));

The subtraction newPower - balanceOf(msg.sender) reverts on underflow whenever newPower is lower than balanceOf(msg.sender). There is no guarantee that newPower > balanceOf, since the decayed power plus the increase can still be lower than the initial power. Here is a practical example:

  1. User locks 100 tokens for max duration (4 years) and is minted 100 veRAAC

  2. 2 years pass and user invokes increase to deposit 50 more tokens

  3. calculateAndUpdatePower calculates the new power against the 150 locked tokens
    initialPower = 150 * 2 years / 4 years = 75

  4. This value is passed back to the increase function and logged as newPower

  5. _mint attempts to subtract 75 - 100 and ends up reverting

The user is unable to perform the simple action of increasing their lock and depositing more money in the protocol.

Impact

Broken functionality, unexpected behaviour

Mitigation

Perform a burn on the entire balanceOf(msg.sender) and then mint newPower
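
The arithmetic from the example and the mitigation, as an added Python model that is not part of the original submission or the RAAC code base. It assumes the linear decay shown in step 3 (amount * remaining / max) and whole-token amounts; the function names and the Underflow exception are hypothetical stand-ins, and min_safe_deposit goes one step beyond the report by computing the smallest deposit at which the original subtraction stops reverting.

```python
# Added model, not RAAC code. Assumes the linear decay from step 3 of the
# report (amount * remaining / max) and whole-token integer amounts.
YEAR = 365 * 24 * 3600
MAX_LOCK = 4 * YEAR  # max duration used in the report's example


class Underflow(Exception):
    """Stands in for the Solidity >=0.8 panic on checked uint256 subtraction."""


def checked_sub(a, b):
    if b > a:
        raise Underflow(f"{a} - {b}")
    return a - b


def power(amount, remaining):
    return amount * remaining // MAX_LOCK


def increase_vulnerable(balance, locked, deposit, remaining):
    """Mirrors _mint(msg.sender, newPower - balanceOf(msg.sender))."""
    new_power = power(locked + deposit, remaining)
    return balance + checked_sub(new_power, balance)


def increase_fixed(balance, locked, deposit, remaining):
    """The report's mitigation: burn the whole balance, then mint newPower."""
    new_power = power(locked + deposit, remaining)
    balance = checked_sub(balance, balance)  # burn of full balance cannot underflow
    return balance + new_power


def min_safe_deposit(balance, locked, remaining):
    """Smallest deposit for which the vulnerable path does not revert."""
    if remaining <= 0:
        return 0 if balance == 0 else None  # power is 0: no deposit helps
    needed_total = -(-balance * MAX_LOCK // remaining)  # ceiling division
    return max(needed_total - locked, 0)


if __name__ == "__main__":
    bal, locked, rem = 100, 100, 2 * YEAR  # constructed: the report's scenario
    try:
        increase_vulnerable(bal, locked, 50, rem)
    except Underflow as exc:
        print("vulnerable path reverts on", exc)
    print("fixed path balance:", increase_fixed(bal, locked, 50, rem))
    print("smallest non-reverting deposit:", min_safe_deposit(bal, locked, rem))
```

With the report's numbers, any deposit below 100 tokens at the two-year mark hits the revert, while the burn-then-mint path settles the balance at the recomputed power.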

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::increase underflows on newPower - balanceOf(msg.sender)
