Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Zero Amount Boost Due to Uninitialized Mapping in veRAACToken::increase function

Dowsers

Description

The veRAACToken::increase function uses an uninitialized locks mapping for boost calculations instead of the correct _lockState.locks storage. This mapping is never updated, causing all boost calculations to use zero amounts.

// Uninitialized mapping never used for storage

mapping(address => Lock) public locks; // line 115

function increase(uint256 amount) external nonReentrant whenNotPaused {

_lockState.increaseLock(msg.sender, amount);

@> _updateBoostState(msg.sender, locks[msg.sender].amount); // Uses uninitialized mapping (returns 0)

LockManager.Lock memory userLock = _lockState.locks[msg.sender]; // Correct storage location

}

// For comparison, lock() correctly uses _lockState

function lock(uint256 amount, uint256 duration) external {

// ...

@> _lockState.createLock(msg.sender, amount, duration); // Updates correct storage

_updateBoostState(msg.sender, amount);

// ...

}

Example of data inconsistency:

// User locks 1000 RAAC

user.lock(1000 RAAC):

_lockState.locks[user].amount = 1000 // Correct storage updated

locks[user].amount = 0 // Mapping remains uninitialized

// User increases by 500 RAAC

user.increase(500):

_updateBoostState uses:

- locks[user].amount = 0 // Wrong! Uses uninitialized mapping

Instead of:

- _lockState.locks[user].amount = 1000 // Correct value that should be used

Risk

Likelihood: High

Occurs on every increase operation
The mapping is never initialized

Impact: Medium

Boost calculations use zero amounts
Users lose all boost benefits when increasing position
Affects governance power calculations

Recommended Mitigation

contract veRAACToken {

function increase(uint256 amount) external nonReentrant whenNotPaused {

_lockState.increaseLock(msg.sender, amount);

- _updateBoostState(msg.sender, locks[msg.sender].amount); // Wrong storage

+ _updateBoostState(msg.sender, _lockState.locks[msg.sender].amount); // Correct storage

LockManager.Lock memory userLock = _lockState.locks[msg.sender];

// ... rest of the function

}

Should use the correct _lockState.locks storage for boost calculations.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

veRAACToken::increase uses locks[msg.sender] instead of _lockState.locks[msg.sender] inside _updateBoostState call

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.