Missing MAX_TOTAL_SUPPLY Enforcement
Summary
In the veRAACToken.sol contract the increase function is missing a check to ensure that the total supply of veRAACTokens does not exceed the MAX_TOTAL_SUPPLY limit, which can lead to an uncontrolled increase in the total supply.
Vulnerability Details
The vulnerability arises from the increase function, which allows users to increase the amount of locked RAAC tokens. However, the function does not check if the new total supply of veRAACTokens, after the increase, exceeds the MAX_TOTAL_SUPPLY limit. This omission can lead to the total supply of veRAACTokens surpassing the predefined maximum limit, undermining the intended tokenomics and governance structure.
Impact
By not enforcing the MAX_TOTAL_SUPPLY limit, the protocol may allow an uncontrolled increase in the total supply of veRAACTokens. This can lead to inflation of the token supply, diluting the voting power of existing token holders and disrupting the governance process. It undermines the integrity of the protocol's tokenomics and can lead to a loss of trust among users.
Tools Used
Manual Review
Recommendations
To mitigate this vulnerability, add a check in the increase function to ensure that the total supply of veRAACTokens does not exceed the MAX_TOTAL_SUPPLY limit.
Lead Judging Commences
veRAACToken::increase doesn't check the token supply, making it possible to mint over the MAX
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.