Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Max lock amount can be bypassed

Summary

veRAACToken enforces a maximum amount that can be locked in a single position. However, this limit is not enforced when a lock is created.

Vulnerability Details

veRAACToken defines MAX_LOCK_AMOUNT, the maximum amount that can be locked in a single position:

uint256 private constant MAX_LOCK_AMOUNT = 10_000_000e18;

When a lock is increased, the protocol checks whether the new lock amount would exceed the threshold:

// Maximum lock amount
if (lock.amount + additionalAmount > state.maxLockAmount) revert AmountExceedsLimit();

However, this check is not done when a new lock is created:

state.locks[user] = Lock({
@>  amount: amount, // @audit max lock amount check is not done
    end: end,
    exists: true
});

Impact

The max lock check can be bypassed by creating a lock with a huge amount.

Tools Used

Manual Review

Recommendation

Perform the same check when a new lock is created.
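
One way to apply this recommendation, shown as an added example that is not the veRAACToken source: a simplified lock model in which both the creation and the increase path go through one cap-checking helper. Every name except MAX_LOCK_AMOUNT and AmountExceedsLimit is hypothetical, and token transfers, voting power and duration checks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model of a per-user lock, written for this example only.
// It is NOT the veRAACToken source: token transfers, voting power and
// duration checks are omitted, and every name except MAX_LOCK_AMOUNT and
// AmountExceedsLimit is hypothetical.
contract LockCapModel {
    struct Lock {
        uint256 amount;
        uint256 end;
        bool exists;
    }

    error AmountExceedsLimit();
    error LockAlreadyExists();
    error LockNotFound();
    error ZeroAmount();

    uint256 private constant MAX_LOCK_AMOUNT = 10_000_000e18;

    mapping(address => Lock) public locks;

    // Single place where the per-position cap is enforced, so that no
    // entry point can write Lock.amount without passing through it.
    function _cappedAmount(uint256 current, uint256 added) private pure returns (uint256 total) {
        if (added == 0) revert ZeroAmount();
        total = current + added; // Solidity 0.8.x reverts on overflow
        if (total > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
    }

    // Creation path: the cap is checked before the struct is stored.
    function createLock(uint256 amount, uint256 duration) external {
        if (locks[msg.sender].exists) revert LockAlreadyExists();
        uint256 checked = _cappedAmount(0, amount);
        locks[msg.sender] = Lock({amount: checked, end: block.timestamp + duration, exists: true});
    }

    // Increase path: the same helper, applied to the running total.
    function increase(uint256 additionalAmount) external {
        Lock storage lock = locks[msg.sender];
        if (!lock.exists) revert LockNotFound();
        lock.amount = _cappedAmount(lock.amount, additionalAmount);
    }
}
```

Routing every write to the amount field through one helper keeps the two paths from drifting apart again when either is later modified.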

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::increase doesn't check the maximum total locked amount
