Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Lock gets overwritten if a user calls `veRAACToken::lock` twice

Summary

The lock() function allows users to overwrite existing lock positions, resulting in permanent loss of previously locked funds and incorrect voting power calculations.

Vulnerability Details

The function does not check for an existing lock before creating a new position, so a second call completely overwrites the first. This leads to permanent loss of the previously locked RAAC tokens.

Relevant code link:

The function does not check whether the caller already has a lock. If you call lock() again while holding an existing lock:

  1. The function would first transfer RAAC tokens to the contract

  2. It would then overwrite the existing lock position completely with the new lock and end time

  3. The user's previous lock's data would be lost and replaced with the new amount and duration

Impact

The user that calls the function twice ends up losing all the tokens they deposited the first time as that data is completely overwritten with the new lock's amount and end duration. The likelihood of this happening is high and the user loses all the locked tokens permanently.

Tools Used

Manual review

Recommendations

Add a check that prevents calling lock() when a lock already exists, or have the protocol direct users to increase or extend instead.

```solidity
// In veRAACToken.sol's lock function:
function lock(uint256 amount, uint256 duration) external {
    require(locks[msg.sender].amount == 0, "Existing lock detected");
    // Existing logic...
}
```

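
The accounting effect of the overwrite, as an added example that is not part of the original submission or the project's code: a hypothetical `LockLedgerModel` contract in which the `held` and `recorded` counters stand in for the contract's RAAC balance and the sum of stored lock amounts. The contract name, both function names, the counters and `stranded()` are assumptions; only the `locks` mapping, the parameters and the guard come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: a hypothetical ledger, not the veRAACToken source.
// Token transfers are modelled by the `held` counter instead of an ERC-20.
contract LockLedgerModel {
    struct Lock {
        uint256 amount;
        uint256 end;
    }

    mapping(address => Lock) public locks;
    uint256 public held;     // tokens received so far (models the contract balance)
    uint256 public recorded; // sum of amounts across all stored lock positions

    // Behaviour described in the finding: take the tokens, then overwrite.
    function lockOverwriting(uint256 amount, uint256 duration) external {
        held += amount;
        // The previous amount drops out of the ledger but stays in `held`.
        recorded = recorded - locks[msg.sender].amount + amount;
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
    }

    // Same logic behind the guard from the recommendation.
    function lockGuarded(uint256 amount, uint256 duration) external {
        require(locks[msg.sender].amount == 0, "Existing lock detected");
        held += amount;
        recorded += amount;
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
    }

    // Invariant a test or monitor can assert: this must always be zero.
    // A non-zero value means tokens are held that no lock position can claim.
    function stranded() external view returns (uint256) {
        return held - recorded;
    }
}
```

Calling `lockOverwriting(100, 365 days)` and then `lockOverwriting(50, 365 days)` from one address leaves `stranded()` at 100, while the same sequence through `lockGuarded` reverts on the second call and keeps it at 0.
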
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::lock called multiple times, by the same user, leads to loss of funds
