Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Zeno auction is borken

pyro

Summary

Vulnerability Details

All zeno tokens are redeemable in the exact same day.

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/zeno/ZENO.sol#L46

function redeem(uint amount) external nonReentrant {
if (!isRedeemable()) {
revert BondNotRedeemable();
}
if (amount == 0) {
revert ZeroAmount();
}
uint256 totalAmount = balanceOf(msg.sender);
if (amount > totalAmount) {
revert InsufficientBalance();
}
totalZENORedeemed += amount;
_burn(msg.sender, amount);
USDC.safeTransfer(msg.sender, amount);
}

However the auction that users buy from can lat a long time, meaning that the late the user bids the smaller amout of time he would need to wait to unlock his
zeno tokens. this would incentivize users wait more, not only to get their tokens cheaper but to have a smaller lock and be able to use their original tokens more.

Example:

  1. Two week auction starts and zeno will be unlocked in a month

  2. Bob buys some tokens

  3. Alice is smart and she waits to near the end of the auction to buy her share of the tokens

Bob has had his zeno tokens locked for a month, while Alice had her locked for 2 weeks

Impact

No incentives for users to bid and buy zeno early
Incentives for users to wait
This will force users to wait till the end of the auction to buy their zeno tokens

Tools Used

Manual review

Recommendations

Add locks for each user, so that if a user buys late he will have to wait the full time and his tokens will unlock after everybody else.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.