Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Hardcoded Block Time in RAACMinter Causes Incorrect Token Emission Rates on Different EVM Chains

tinnohofficial

Summary

The RAACMinter contract hardcodes BLOCKS_PER_DAY to 7200 assuming a 12-second block time (Ethereum mainnet), which will result in incorrect emission rates when deployed on other EVM chains with different block times.

Vulnerability Details

The RAACMinter contract calculates daily emission rates based on BLOCKS_PER_DAY constant set to 7200 blocks, assuming each block takes 12 seconds. However, different EVM chains have different block times and more importantly most of the L2s have few block times.

The emission rate calculations in functions like tick() and calculateNewEmissionRate() will be incorrect because they use this hardcoded value:

uint256 public constant BLOCKS_PER_DAY = 7200; // Assuming 12-second block time

uint256 public constant INITIAL_RATE = 1000 * 1e18; // 1000 RAAC per day

constructor( ....) {

// @audit emissionRate will remain constant with respect to chain even though number of block times in chains is significantly different.

emissionRate = INITIAL_RATE / BLOCKS_PER_DAY;

}

When calculating the amount to mint (emit) we use the number blocks of what ever the chain the code is on, which means blocksSinceLastUpdate will vary greatly depending on the chain. and the amountToMint value uses this number of blocks value WHILE the emissionRate has still remained constant with respect to the chains.

function tick() external nonReentrant whenNotPaused {

if (emissionUpdateInterval == 0 || block.timestamp >= lastEmissionUpdateTimestamp + emissionUpdateInterval) {

updateEmissionRate();

}

uint256 currentBlock = block.number;

@> uint256 blocksSinceLastUpdate = currentBlock - lastUpdateBlock; // @audit-info depends on the chain

if (blocksSinceLastUpdate > 0) {

// @audit since emissionRate is constant across chains while blocksSinceLastUpdate is dependent on chain, the amountToMint becomes inflated in most L2s

@> uint256 amountToMint = emissionRate * blocksSinceLastUpdate;

if (amountToMint > 0) {

excessTokens += amountToMint;

lastUpdateBlock = currentBlock;

raacToken.mint(address(stabilityPool), amountToMint);

emit RAACMinted(amountToMint);

}

For example:

On BSC (3s), actual blocks per day = 28800, causing 4x higher emissions than intended
On Polygon (2s), actual blocks per day = 43200, causing 6x higher emissions than intended
On Avalanche (2s), actual blocks per day = 43200, causing 6x higher emissions than intended
On Arbitrum (~0.5s), actual blocks per day = 172800, causing 24x higher emissions than intended

From the scope in part of compatibilities it says;

All EVM Compatible

which implies that the code will not only be deployed on ethereum mainnet where block time is 12s but also other "EVM Compatible chains" which most of which are significantly fast and that value of BLOCKS_PER_DAY being 7200 won't apply to them.

PoC

Contract is deployed on BSC with BLOCKS_PER_DAY = 7200
Intended daily emission is 1000 RAAC tokens
Due to 3s block time, actual blocks per day is 28800
Per block emission becomes: 1000 * 1e18 / 7200 = ~138.89e18
Actual daily emission: 138.89e18 * 28800 = 4000 RAAC tokens
This is 4x higher than intended emission rate

Impact

Severe economic impact as emission rates will be significantly different from intended rates on non-Ethereum chains, potentially causing hyperinflation or severely reduced rewards depending on the chain's block time.

Tools Used

Manual code review

Recommendations

Allow the BLOCKS_PER_DAY value to be adjusted (through a constructor and a setter function)
or alternatively Use time-based calculations instead of block-based:

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

Appeal created

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!