Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Missing equality check in calculateNewEmissionRate() can cause incorrect emissionRate

t0x1c

Description

Inside calculateNewEmissionRate() there is no explicit check in either of if branches for utilizationRate == utilizationTarget. This leads to incorrect emissionRate under certain conditions:

File: contracts/core/minters/RAACMinter/RAACMinter.sol
220: function calculateNewEmissionRate() internal view returns (uint256) {
221: uint256 utilizationRate = getUtilizationRate();
222: uint256 adjustment = (emissionRate * adjustmentFactor) / 100;
223:
224:@---> if (utilizationRate > utilizationTarget) {
225: uint256 increasedRate = emissionRate + adjustment;
226: uint256 maxRate = increasedRate > benchmarkRate ? increasedRate : benchmarkRate;
227: return maxRate < maxEmissionRate ? maxRate : maxEmissionRate;
228:@---> } else if (utilizationRate < utilizationTarget) {
229: uint256 decreasedRate = emissionRate > adjustment ? emissionRate - adjustment : 0;
230: uint256 minRate = decreasedRate < benchmarkRate ? decreasedRate : benchmarkRate;
231: return minRate > minEmissionRate ? minRate : minEmissionRate;
232: }
233:
234: return emissionRate;
235: }

Imagine:

  • utilizationTarget = 70% and emissionRate = 1000. Also, adjustmentFactor = 5%.

  • utilizationRate goes above 70%.

  • increasedRate = 1000 + 5% of 1000 = 1050. This is the value returned from the function and stored in the global variable emissionRate inside updateEmissionRate().

  • After some time, utilizationRate equals 70%.

  • The function returns the same old emissionRate = 1050. <---- 1️⃣

  • After some time, utilizationRate goes below 70%.

  • decreasedRate = 1050 - 5% of 1050 = ~ 998. This is returned and stored as emissionRate.

  • After some time, utilizationRate equals 70%.

  • The function returns the same old emissionRate = 998. <---- 2️⃣

Even after hitting the utilizationTarget, there is no change made in either cases. The equality condition has to be included in either if branch or the else branch.

Impact

Incorrect emissionRate leads to incorrect rewards being distributed.

Mitigation

Include the equality condition in either if branch or the else branch, for e.g.:

- if (utilizationRate > utilizationTarget) {
+ if (utilizationRate >= utilizationTarget) {
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::calculateNewEmissionRate doesn't handle utilizationRate == utilizationTarget case, causing emission rates to remain incorrectly adjusted

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::calculateNewEmissionRate doesn't handle utilizationRate == utilizationTarget case, causing emission rates to remain incorrectly adjusted

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.