The tick() function in RAACMinter allows unlimited token minting based on the number of blocks passed since the last update. This leads to uncontrolled token inflation and manipulation of the token supply through delayed function calls.
The calculation on line 265 allows blocksSinceLastUpdate to grow indefinitely. When multiplied by the emissionRate, this results in excessive token minting.
Attack Vector:
An attacker monitors the contract for periods of inactivity
The attacker waits for a significant number of blocks to pass (e.g., 1 month = 216,000 blocks)
With an emission rate of 1000 RAAC per day (0.138 RAAC per block), the attacker calls tick()
This results in a mint of 29,808 RAAC tokens in a single transaction (216,000 * 0.138)
The attacker repeats this process by waiting for another period of inactivity
Economic Disruption:
Sudden large token mints create supply shocks
Token value decreases due to unexpected inflation
Market manipulation through controlled large mints
System Instability:
Emission schedule becomes unpredictable
Token distribution deviates from intended economics
Related protocols depending on stable token emissions break
Tools Used:
Manual code review
Recommended Mitigation:
Implement a maximum block limit:
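The cap, as an added illustration rather than RAACMinter's own source: only tick(), blocksSinceLastUpdate and emissionRate come from the finding, while the storage names (lastUpdateBlock, raacToken, treasury), the token's mint() interface and the 7,200-block limit are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract, not the audited RAACMinter. Names other than
// tick(), blocksSinceLastUpdate and emissionRate are assumptions.
interface IRAACToken {
    function mint(address to, uint256 amount) external;
}

contract RAACMinterCapped {
    IRAACToken public immutable raacToken;
    address public immutable treasury;
    uint256 public emissionRate;     // tokens (in wei units) minted per block
    uint256 public lastUpdateBlock;

    // Upper bound on the blocks any single tick() may account for.
    // 7,200 blocks is roughly one day at 12-second blocks (assumption).
    uint256 public constant MAX_BLOCKS_PER_UPDATE = 7200;

    constructor(IRAACToken _token, address _treasury, uint256 _rate) {
        raacToken = _token;
        treasury = _treasury;
        emissionRate = _rate;
        lastUpdateBlock = block.number;
    }

    // Vulnerable shape described in the finding: the block delta is
    // unbounded, so one call after a long idle period mints
    // blocksSinceLastUpdate * emissionRate in a single transaction:
    //
    //   uint256 blocksSinceLastUpdate = block.number - lastUpdateBlock;
    //   raacToken.mint(treasury, blocksSinceLastUpdate * emissionRate);
    //   lastUpdateBlock = block.number;

    // Hardened form: clamp the accounted blocks to MAX_BLOCKS_PER_UPDATE.
    function tick() external {
        uint256 blocksSinceLastUpdate = block.number - lastUpdateBlock;
        if (blocksSinceLastUpdate == 0) return;
        if (blocksSinceLastUpdate > MAX_BLOCKS_PER_UPDATE) {
            blocksSinceLastUpdate = MAX_BLOCKS_PER_UPDATE;
        }
        uint256 amount = blocksSinceLastUpdate * emissionRate;
        // Checkpoint at the current block so the excess idle blocks are
        // forfeited rather than carried forward and minted later.
        lastUpdateBlock = block.number;
        raacToken.mint(treasury, amount);
    }
}
```

Because lastUpdateBlock jumps to block.number, emission for idle blocks beyond the cap is permanently dropped; if the protocol instead wants to preserve the full schedule, advance lastUpdateBlock by only the capped amount and accept that repeated calls will drain the backlog at the capped rate.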