In veRAACToken, calling the lock function multiple times results in complete loss of funds from the first lock, as the contract only maintains a single lock position per user and overwrites existing locks without returning or accounting for previously locked tokens.
The vulnerability exists in the lock function of veRAACToken.sol:
For example, suppose a user calls the lock function twice: first with amount A and then with amount B. The contract uses a mapping(address => Lock) to store locks, which means each user can only have one active lock at a time. If a user calls lock a second time, the existing lock (with amount A) will be replaced by the new lock (with amount B). In the meantime, the contract calculates the voting power based on the new amount B and the new lock duration.
Amount A is effectively "lost" in the contract because the second lock call overwrites the user's lock position. The _mint function mints new veRAAC tokens based on the new lock (amount B), and any previous veRAAC tokens (from amount A) are effectively burned.
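The overwrite described above, as a simplified Solidity model added here as an example. It is not the veRAACToken source: the contract name LockModel, the function names, totalTracked, untracked and the guard are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model written for this example; not the veRAACToken source.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract LockModel {
    struct Lock { uint256 amount; uint256 end; }

    IERC20 public immutable token;          // assumed underlying token
    mapping(address => Lock) public locks;  // one slot per user, as described above
    uint256 public totalTracked;            // sum of the amounts recorded in locks

    error LockAlreadyExists();

    constructor(IERC20 _token) { token = _token; }

    // Behaviour described in the finding: the second call replaces the slot,
    // so amount A stays in the contract balance but is no longer recorded.
    function lockOverwriting(uint256 amount, uint256 duration) external {
        require(amount > 0, "zero amount");
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalTracked = totalTracked - locks[msg.sender].amount + amount;
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
    }

    // Guarded variant (one possible fix, an assumption of this example):
    // refuse to create a lock while one is still recorded for the caller.
    function lockGuarded(uint256 amount, uint256 duration) external {
        require(amount > 0, "zero amount");
        if (locks[msg.sender].amount != 0) revert LockAlreadyExists();
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
        totalTracked += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // Invariant check: tokens held by the contract that no lock accounts for.
    function untracked() external view returns (uint256) {
        return token.balanceOf(address(this)) - totalTracked;
    }
}
```

With a standard ERC-20 that charges no transfer fee, calling lockOverwriting with A and then with B leaves untracked() equal to A, while a second call to lockGuarded reverts with LockAlreadyExists.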
Complete loss of funds.
Manual review.