StabilityPool.sol has no implementation to call RAACMinter.sol::mintRewards()
Summary
There is no implemented code in the stability pool that can call RAACMinter.sol::mintRewards()
Vulnerability Details
The stability pool calls this function, which does not interact with mintRewards() at all
If RAACMinter.sol::tick() is used on the place of RAACMinter.sol::mintRewards(), then there is a bit different reward distribution logic.
tick() mints new tokens based on block time but does not handle direct reward transfers.
tick() does not consider pending rewards or excess tokens first, while mintRewards() does.
Impact
If rewards were supposed to be distributed through mintRewards(), but tick() is used instead, users may not receive rewards correctly.
Tools Used
Manual
Recommendations
Add implementation in order to stabilityPool to be able to call mintRewards().
Lead Judging Commences
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.