Incorrect Excess Token Accounting in Minter Contract
Summary
The mintRewards function in the Minter contract incorrectly assumes that the excessTokens variable represents actual tokens held in the contract. However, the tick function updates excessTokens while transferring tokens to the Stability Pool, leading to a scenario where mintRewards attempts to transfer excess tokens but transaction reverts due to insufficient balance.
Vulnerability Details
The
tickfunction is responsible for minting reward tokens for the Stability Pool based on the emission rate.It updates
excessTokenswith the amount of tokens to be minted and then transferring them to the Stability Pool, it means contract balance is not updated despite that excessToken variable has been updated.The
mintRewardsfunction attempts to useexcessTokensto transfer tokens before minting new ones. However, since contract doesn't have as much as excessToken balance, the transfer function reverts.If
mintRewardstries to transferexcessTokensand the contract does not have a sufficient balance, the transaction reverts.
Root Cause
The
tickfunction incorrectly incrementsexcessTokenswhile contract balance is not added.The
mintRewardsfunction assumes thatexcessTokensreflects actual token balance.
Impact
The
mintRewardsfunction fails when attempting to transferexcessTokens, causing reward distribution to break.
Lead Judging Commences
RAACMinter wrong excessTokens accounting in tick function
RAACMinter wrong excessTokens accounting in tick function
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.