Core Contracts

Regnum Aurum Acquisition Corp (Hardhat, Real World Assets, NFT)
77,280 USDC

Submission Details
Severity: medium
Valid

`RAACMinter::emergencyShutdown()` permanently locks minting and owner capabilities of `RAACToken`

Summary

The RAACMinter contract holds both the minter and the owner role of RAACToken, but has no function to transfer either role to another contract. When emergencyShutdown() is called it permanently pauses RAACMinter without any way to hand control over, so RAACToken minting is locked forever. This also breaks the StabilityPool contract, which relies on RAACMinter to mint its RAACToken rewards.

Vulnerability Details

The RAACMinter contract is both the owner and minter of RAACToken, controlling critical functions like:

  • Token minting through mint()

  • Tax rate adjustments via setSwapTaxRate() and setBurnTaxRate()

  • Fee collector management through setFeeCollector()

When emergencyShutdown() is called, it:

  • Sets emissionRate to 0

  • Pauses the contract

  • Provides no mechanism to transfer the owner/minter roles in the RAACToken contract to a new contract

This means the RAACToken becomes permanently locked with:

  • No ability to mint new tokens

  • No ability to adjust tax rates

  • No ability to update fee collector

  • No way to transfer control to a new contract

Impact

The protocol becomes permanently frozen if emergencyShutdown() is called, with no recovery path. This could lead to:

  • Complete halt of protocol emissions

  • Inability to adjust token parameters

  • No way to migrate to a new minter contract

  • Permanent loss of protocol functionality

Tools Used

Manual review

Proof of Concept

Steps to reproduce:

  1. Deploy RAACToken contract

  2. Deploy RAACMinter contract

  3. raacToken.setMinter(raacMinter.address);

  4. raacToken.transferOwnership(raacMinter.address);

  5. RAACMinter's owner calls emergencyShutdown() because of some issue

  6. RAACMinter can no longer be used, and there is no way to transfer the owner/minter roles in the RAACToken contract to a new contract
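To make the lockout in steps 1-6 concrete, here is an added, self-contained Solidity model written for this writeup (not the project's contracts): two toy contracts, ToyRAACToken and ToyRAACMinter, whose shutdown matches the description, plus the role handoff this finding recommends. Every name is hypothetical and the single admin address stands in for DEFAULT_ADMIN_ROLE.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for RAACToken: one owner, one minter, mirroring the
// setMinter / transferOwnership / mint surface the finding refers to.
contract ToyRAACToken {
    address public owner;
    address public minter;
    mapping(address => uint256) public balanceOf;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    function setMinter(address newMinter) external onlyOwner { minter = newMinter; }

    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        owner = newOwner;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == minter, "not minter");
        balanceOf[to] += amount;
    }
}

// Constructed stand-in for RAACMinter. emergencyShutdown() does what the finding
// describes (emissionRate = 0, paused). The transferRAACToken* functions are the
// recommended escape hatch; they are deliberately NOT gated by whenNotPaused,
// otherwise the handoff would be unreachable after a shutdown.
contract ToyRAACMinter {
    ToyRAACToken public immutable raacToken;
    address public admin;              // stands in for DEFAULT_ADMIN_ROLE
    bool public paused;
    uint256 public emissionRate = 1e18;

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }

    // PoC steps 3-4 happen outside: deployer calls token.setMinter(this) and
    // token.transferOwnership(this) so this contract becomes owner and minter.
    constructor(ToyRAACToken token) { raacToken = token; admin = msg.sender; }

    // PoC step 5: after this call mintRewards() reverts forever.
    function emergencyShutdown() external onlyAdmin { emissionRate = 0; paused = true; }

    function mintRewards(address to) external whenNotPaused { raacToken.mint(to, emissionRate); }

    function transferRAACTokenOwnership(address newOwner) external onlyAdmin {
        require(newOwner != address(0), "zero owner");  // avoid re-creating the lockout
        raacToken.transferOwnership(newOwner);
    }

    function transferRAACTokenMinter(address newMinter) external onlyAdmin {
        require(newMinter != address(0), "zero minter");
        raacToken.setMinter(newMinter);
    }
}
```

Without the two handoff functions, the paused ToyRAACMinter is the only address able to call setMinter, transferOwnership or mint on the token, which is exactly the unrecoverable state described in step 6.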

Recommendations

Add functions to transfer both owner and minter roles from the RAACMinter contract:

+ function transferRAACTokenOwnership(address newOwner) external onlyRole(DEFAULT_ADMIN_ROLE) {
+ raacToken.transferOwnership(newOwner);
+ }
+ function transferRAACTokenMinter(address newMinter) external onlyRole(DEFAULT_ADMIN_ROLE) {
+ raacToken.setMinter(newMinter);
+ }
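Review bot: transferRAACTokenOwnership forwards newOwner straight to raacToken.transferOwnership without a zero-address check, so a mistaken call with address(0) would recreate the unrecoverable state this finding describes; add `require(newOwner != address(0))` (or a two-step propose/accept handoff) and the same guard in transferRAACTokenMinter, and emit an event on each handoff so the transfer is visible on-chain. Also confirm that onlyRole(DEFAULT_ADMIN_ROLE) matches RAACMinter's actual access-control scheme, since the PoC above refers to "RAACMinter's owner" calling emergencyShutdown().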
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity