Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Incorrect Emission Rate Application Vulnerability in RAACMinter

TxGuard

Summary

The RAACMinter contract is responsible for managing the minting and distribution of RAAC tokens within the RAAC lending protocol. A critical vulnerability exists in the tick() function, where the emission rate is updated before calculating the amount to mint. This leads to incorrect minting amounts being applied to past blocks, resulting in potential discrepancies in token distribution and user rewards.

Vulnerability Details

Problem Location

The vulnerability is located in the tick() function of the RAACMinter contract:

function tick() external nonReentrant whenNotPaused {
if (
emissionUpdateInterval == 0 ||
block.timestamp >= lastEmissionUpdateTimestamp + emissionUpdateInterval
) {
updateEmissionRate(); // Emission rate is updated here
}
uint256 currentBlock = block.number;
uint256 blocksSinceLastUpdate = currentBlock - lastUpdateBlock;
if (blocksSinceLastUpdate > 0) {
uint256 amountToMint = emissionRate * blocksSinceLastUpdate; // Minting amount calculated after rate update
if (amountToMint > 0) {
excessTokens += amountToMint;
lastUpdateBlock = currentBlock;
raacToken.mint(address(stabilityPool), amountToMint); // Tokens minted to StabilityPool
emit RAACMinted(amountToMint);
}
}
}

Explanation of the Vulnerability

  • Incorrect Order of Operations: The tick() function first checks if the emission rate needs to be updated and performs that update before calculating the amount to mint. This means that the new emission rate is applied to all blocks since the last update, which is incorrect.

  • Minting Amount Calculation: The line uint256 amountToMint = emissionRate * blocksSinceLastUpdate; calculates the minting amount based on the potentially updated emission rate, leading to incorrect token amounts being minted for past blocks.

Impact

1. Incorrect Token Minting Amounts

  • Description: When the emission rate is updated before calculating the minting amount, the tokens minted do not accurately reflect the intended rewards based on the previous emission rate.

  • Effect: This can lead to either over-minting or under-minting of tokens, which disrupts the intended economic model of the RAAC lending protocol.

2. Discrepancies in User Rewards

  • Description: Users expect their rewards to be calculated based on the emission rate at the time of their participation. If the minting amount is incorrect, users may receive more or fewer tokens than they are entitled to.

  • Effect: This can lead to user dissatisfaction, loss of trust in the protocol, and potential financial losses for users.

3. Impact on excessTokens Tracking

  • Description: The excessTokens variable is intended to track the amount of tokens available for distribution. If the minting amounts are incorrect, this variable will not accurately reflect the available tokens.

  • Effect: This can lead to further complications in future reward distributions, as the contract may not have a clear understanding of how many tokens are available for minting.

4. User Experience and Trust Issues

  • Description: Users rely on the protocol to manage their rewards accurately. If they experience inconsistencies in their rewards, it can lead to frustration and a lack of confidence in the system.

  • Effect: This can result in decreased user engagement and potential loss of users, ultimately affecting the protocol's success.

Tools Used

  • Solidity: The programming language used to implement the RAACMinter and RAACToken contracts.

  • OpenZeppelin Contracts: Utilized for secure implementations of ERC20 and Ownable functionalities.

  • Forge: A testing framework used to write and execute tests for the RAACMinter contract, including vulnerability tests.

Recommendations

1. Correct the Order of Operations in tick()

  • Action: Update the tick() function to calculate the minting amount using the current emission rate first, and then update the emission rate if needed. The corrected code should look like this:

uint256 amountToMint = currentEmissionRate * blocksSinceLastUpdate; // Calculate minting amount first
if (emissionUpdateInterval == 0 || block.timestamp >= lastEmissionUpdateTimestamp + emissionUpdateInterval) {
updateEmissionRate(); // Update the emission rate after calculating minting amount
}

2. Implement Comprehensive Testing

  • Action: Develop additional tests to cover edge cases related to token minting and distribution. Ensure that the tests verify the correct balance of the RAACMinter after minting and that users can successfully claim their rewards based on the correct emission rate.

3. Conduct Regular Security Audits

  • Action: Schedule regular security audits of the RAACMinter and RAACToken contracts to identify and address potential vulnerabilities proactively.

4. User Communication

  • Action: Communicate with users about the issue and the steps being taken to resolve it. Transparency can help maintain user trust during the resolution process.

By addressing this vulnerability, the RAACMinter contract can ensure proper token management and distribution, enhancing the overall functionality and user experience of the RAAC lending protocol.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter tick applies new emission rates retroactively to past blocks by updating rate before minting tokens for previous period

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.