Submission Details
Severity:
mintRewards() in RAACMinter.sol can never be called
Description
mintRewards() can only be called by the stability pool contract:
File: contracts/core/minters/RAACMinter/RAACMinter.sol
181: function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
182:@---> if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
183:
184: uint256 toMint = excessTokens >= amount ? 0 : amount - excessTokens;
185: excessTokens = excessTokens >= amount ? excessTokens - amount : 0;
186:
187: if (toMint > 0) {
188: raacToken.mint(address(this), toMint);
189: }
190:
191: raacToken.safeTransfer(to, amount);
192: emit RAACMinted(amount);
193: }
However there is no function inside StabilityPool.sol that calls the aforementioned function.
Impact
The functionality which mintRewards() aims to provide can never be used. The excessTokens can't be used to mint rewards.
Mitigation
Add a function inside StabilityPool.sol internally calling mintRewards() which the owner can call at any point of time.
Updates
Lead Judging Commences
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.