Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`RAACMinter` uses Ethereum specific setup but the codebase should be compatible with `All EVM Compatible` chains.

ke1caM

Summary

Protocol uses Ethereum specific setup but the codebase should be compatible with All EVM Compatible chains. Emission rate is calculated using hardcoded blocks per day value which is different on every chain.

Vulnerability Details

The constructor sets emissionRate and INITIAL_RATE / BLOCKS_PER_DAY. BLOCKS_PER_DAY is set to 7200 assuming 12 second block-time. This value should not be hardcoded in the contract as constant variable. It should be mutable and should be initialized based on the chain block time that the protocol is going to be deployed.

constructor(

address _raacToken,

address _stabilityPool,

address _lendingPool,

address initialOwner

) Ownable(initialOwner) {

if (_raacToken == address(0) || _stabilityPool == address(0) || _lendingPool == address(0) || initialOwner == address(0)) {

revert ZeroAddress();

}

raacToken = IRAACToken(_raacToken);

stabilityPool = IStabilityPool(_stabilityPool);

lendingPool = ILendingPool(_lendingPool);

emissionRate = INITIAL_RATE / BLOCKS_PER_DAY;

lastUpdateBlock = block.number;

benchmarkRate = emissionRate;

lastEmissionUpdateTimestamp = block.timestamp - BASE_EMISSION_UPDATE_INTERVAL;

emissionUpdateInterval = BASE_EMISSION_UPDATE_INTERVAL;

_grantRole(DEFAULT_ADMIN_ROLE, initialOwner);

_grantRole(PAUSER_ROLE, initialOwner);

_grantRole(UPDATER_ROLE, initialOwner);

}

Impact

Emission rate will be incorrect on chains different than Ethereum. This leads to incorrect rewards emission on different chains.

Tools Used

Manual Review, Hardhat

Recommendations

BLOCKS_PER_DAY should be set based on chain that the contract is going to be deployed on. It shouldn't be hardcoded in the RAACMinter contract.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

Appeal created

inallhonesty Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.