Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrect Token Accounting in RAACMinter's Tick Function

Summary

The RAACMinter contract has a critical accounting error in its tick() function where it increases the excessTokens counter for tokens that are directly minted to the stability pool, leading to an inconsistency between recorded and actual excess token balances.

Vulnerability Details

mintRewards() treats excessTokens as tokens that the RAACMinter contract already holds: it mints only the shortfall to itself and then transfers the full amount to the recipient:

    function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
        if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
        uint256 toMint = excessTokens >= amount ? 0 : amount - excessTokens;
        excessTokens = excessTokens >= amount ? excessTokens - amount : 0;
        if (toMint > 0) {
            raacToken.mint(address(this), toMint);
        }
        raacToken.safeTransfer(to, amount);
        emit RAACMinted(amount);
    }

However, in the tick() function:

    function tick() external nonReentrant whenNotPaused {
        // ...
        if (blocksSinceLastUpdate > 0) {
            uint256 amountToMint = emissionRate * blocksSinceLastUpdate;
            if (amountToMint > 0) {
                excessTokens += amountToMint; // Incorrectly increases excess tokens
                lastUpdateBlock = currentBlock;
                raacToken.mint(address(stabilityPool), amountToMint); // Tokens go to stability pool
                emit RAACMinted(amountToMint);
            }
        }
    }

The issue is that tick() increases excessTokens by amountToMint but those tokens are minted directly to the stability pool and never held by the contract.

Impact

  1. excessTokens becomes inflated with tokens that don't exist in the contract

  2. mintRewards() calculations become incorrect as they assume these tokens are available

  3. This could lead to failed transfers in mintRewards() when trying to transfer tokens that don't exist
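The bookkeeping of the two functions can be replayed off-chain to check the invariant that excessTokens never exceeds the minter's own balance. The following Python model is an added example, not code from the RAAC repository; the class and function names, the sample amounts, and the assumption that a transfer with insufficient balance reverts are constructed for illustration, and access control and pausing are left out.

```python
class InsufficientBalance(Exception):
    """Stands in for the revert of raacToken.safeTransfer on a short balance."""

class MinterModel:
    """Constructed model of the report's two functions; not the RAAC contracts."""

    def __init__(self, emission_rate, fixed=False):
        self.emission_rate = emission_rate
        self.fixed = fixed              # True applies the report's recommendation
        self.excess_tokens = 0          # mirrors excessTokens
        self.balances = {"minter": 0, "pool": 0, "user": 0}

    def tick(self, blocks_since_last_update):
        amount = self.emission_rate * blocks_since_last_update
        if amount > 0:
            if not self.fixed:
                self.excess_tokens += amount   # increment flagged in the report
            self.balances["pool"] += amount    # mint goes to the stability pool

    def mint_rewards(self, to, amount):
        enough = self.excess_tokens >= amount
        to_mint = 0 if enough else amount - self.excess_tokens
        new_excess = self.excess_tokens - amount if enough else 0
        minter_balance = self.balances["minter"] + to_mint   # mint to address(this)
        if minter_balance < amount:
            # A revert rolls back every state change, so nothing is written.
            raise InsufficientBalance(f"holds {minter_balance}, needs {amount}")
        self.excess_tokens = new_excess
        self.balances["minter"] = minter_balance - amount
        self.balances[to] += amount

    def invariant_holds(self):
        # excessTokens must never exceed what the minter actually holds.
        return self.excess_tokens <= self.balances["minter"]

def run_scenario(fixed):
    """Return (invariant_after_tick, mint_rewards_reverted, user_balance)."""
    m = MinterModel(emission_rate=10, fixed=fixed)   # constructed sample values
    m.tick(blocks_since_last_update=5)               # 50 tokens to the pool
    invariant_after_tick = m.invariant_holds()
    try:
        m.mint_rewards("user", 30)
        reverted = False
    except InsufficientBalance:
        reverted = True
    return invariant_after_tick, reverted, m.balances["user"]

if __name__ == "__main__":
    print("as reported:", run_scenario(fixed=False))
    print("increment removed:", run_scenario(fixed=True))
```

The same invariant can be asserted after every call in a Hardhat test against the real contracts.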

Tools Used

Manual Review

Recommendations

Remove the excessTokens increment in tick(), since the tokens are minted directly to the stability pool.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter wrong excessTokens accounting in tick function
