Submission Details
Severity:
RAACMinter can't mint rewards to specific addresses
Summary
The mintRewards inside RAACMinter.sol can't be called.
Vulnerability Details
There's a function inside RAACMinter.sol called mintRewards which mints RAAC rewards to a specified address:
function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
uint256 toMint = excessTokens >= amount ? 0 : amount - excessTokens;
excessTokens = excessTokens >= amount ? excessTokens - amount : 0;
if (toMint > 0) {
raacToken.mint(address(this), toMint);
}
raacToken.safeTransfer(to, amount);
emit RAACMinted(amount);
}
As you can see this function is only callable by the StabilityPool.sol:
if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
However, if we take a look at StabilityPool.sol we can see that there is no function to call mintRewards inside RAACMinter.sol, so the mintRewards can't be called ever.
Impact
RAACMinter.sol cant mint RAAC rewards to a specified address.
Tools Used
Manual Review
Recommendations
Define a function inside StabilityPool.sol to call mintRewards inside RAACMinter.sol.
Updates
Lead Judging Commences
inallhonesty 6 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
inallhonesty 6 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.