Wrong check in function `veRAACToken::lock`.
Summary
The function veRAACToken::lock incorrectly assumes that 1 RAAC token is equal to 1 veRAAC token, leading to a flawed total supply validation. This miscalculation can bypass supply constraints or result in incorrect vesting allocations.
Vulnerability Details
In the function veRAACToken::lock, the following check is used to enforce the maximum total supply of veRAAC tokens:
Issue:
Here,
totalSupply()represents the total amount of veRAAC tokens minted so far, whileamountrefers to the RAAC tokens being locked.This check assumes a 1:1 ratio between RAAC and veRAAC, which is incorrect.
In most veToken models, the amount of veTokens issued depends on the lock duration (e.g., longer locks yield more veTokens).
If the actual veRAAC minting logic scales based on lock duration, this check is inaccurate and could allow the total supply to exceed the intended limit.
Example Issue in Code:
The correct total supply check should factor in the veRAAC conversion logic, ensuring the minted veTokens do not exceed
MAX_TOTAL_SUPPLY.
Impact
Total veRAAC supply may exceed the intended cap due to an incorrect assumption in supply validation.
Governance manipulation risk as users may receive more veRAAC than expected.
Inaccurate supply constraints leading to economic imbalances in the protocol.
Tools Used
Manual review
Recommendations
Modify the total supply check to consider the veRAAC minting formula.
Ensure veRAAC minting logic correctly reflects the vesting model.
Lead Judging Commences
Incorrect `MAX_TOTAL_SUPPLY` check in the `veRAACToken::lock/extend` function of `veRAACToken` could harm locking functionality
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.