Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

The function increase in the veRAACToken contract can revert due to underflow in a certain scenario for a user.

Summary

A user locks tokens for a set duration and receives voting power based on the time and amount locked. When the user later increases her locked amount, the remaining duration is shorter, which leads to a recalculation of voting power. This results in a negative adjustment when updating her balance, causing a revert due to underflow.

Vulnerability Details

1. Let's assume Alice locks 100e18 tokens for a duration of 365 days (by calling the function lock of the veRAACToken contract). Current time = February 20, 2025.

2. The function lock calls _votingState.calculateAndUpdatePower, where duration = 365 days - block.timestamp = 365 days. So initialPower = (100e18 * 365 days) / 1460 days = 25e18. RAACVoting.Point's bias is therefore set to 25e18, and newPower/bias = 25e18 is minted to Alice. userLock.end for Alice in LockManager is set to February 20, 2026.

3. After 265 days (current time = November 12, 2025), Alice increases her locked RAAC tokens by 10e18. This calls the function increase (veRAACToken.sol), which calls _votingState.calculateAndUpdatePower with an amount of 100e18 + 10e18 = 110e18, where duration = unlockTime - block.timestamp = (February 20, 2025) - (November 12, 2025) = 100 days. So the new initialPower/bias = (110e18 * 100 days) / 1460 days = 7.5e18.

4. After that, the _mint function in the function increase (veRAACToken.sol) is called for Alice with newPower - balanceOf(msg.sender) = 7.5e18 - 25e18 = -17.5e18, which reverts due to underflow.

Impact

The function increase in the veRAACToken contract can revert due to underflow in a certain scenario for a user.

Tools Used

Manual review

Recommendations

Burn the previous power if the new power is less than the previous power for a user.
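
The scenario from Vulnerability Details and the recommendation above, replayed in a BigInt model. This is an added example, not the veRAACToken source: checkedSub stands in for Solidity 0.8 checked uint256 subtraction, and lock, increaseVulnerable, increaseFixed and replayAlice are hypothetical names used only for this illustration.

```javascript
// Added model of the report's arithmetic; not the veRAACToken source.
const DAY = 86400n;
const MAX_DURATION = 1460n * DAY; // divisor used in the report's formula
const E18 = 10n ** 18n;

// Solidity 0.8 checked uint256 subtraction: throws where the EVM would revert.
function checkedSub(a, b) {
  if (b > a) throw new RangeError("arithmetic underflow");
  return a - b;
}

// bias = amount * remaining duration / max duration, as in the report.
function power(amount, remaining) {
  return (amount * remaining) / MAX_DURATION;
}

// Hypothetical position record: locked amount, unlock time, minted balance.
function lock(amount, duration, now) {
  return { amount, end: now + duration, balance: power(amount, duration) };
}

// Behaviour the report describes: _mint(newPower - balanceOf(user)).
function increaseVulnerable(pos, extra, now) {
  const newPower = power(pos.amount + extra, pos.end - now);
  const toMint = checkedSub(newPower, pos.balance); // throws once power has decayed
  return { ...pos, amount: pos.amount + extra, balance: pos.balance + toMint };
}

// Recommended handling: mint when power grew, burn when it shrank.
function increaseFixed(pos, extra, now) {
  const newPower = power(pos.amount + extra, pos.end - now);
  const grew = newPower >= pos.balance;
  const delta = grew ? newPower - pos.balance : pos.balance - newPower;
  return { ...pos, amount: pos.amount + extra, balance: newPower,
           action: grew ? "mint" : "burn", delta };
}

// Replay of Alice's scenario: lock 100e18 for 365 days, add 10e18 after 265 days.
function replayAlice() {
  const alice = lock(100n * E18, 365n * DAY, 0n);
  const later = 265n * DAY;
  let reverted = false;
  try { increaseVulnerable(alice, 10n * E18, later); }
  catch (e) { reverted = e instanceof RangeError; }
  return { initial: alice.balance, reverted, fixed: increaseFixed(alice, 10n * E18, later) };
}
```

An increase made one day after locking still succeeds in the vulnerable model, because the added amount outweighs the decay; the revert only appears once enough of the lock has elapsed.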

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::increase underflows on newPower - balanceOf(msg.sender)
