Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

TotalSupply Cap Bypass in veRAACToken Through Increase Function

Summary :

The veRAACToken contract enforces a MAX_TOTAL_SUPPLY limit in the lock() function but fails to check this limit in the increase() function, allowing users to bypass the total supply cap through multiple increase operations.

Vulnerability Details :

In veRAACToken.sol:

function lock(uint256 amount, uint256 duration) external {
    if (totalSupply() + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
    // ... rest of function
}

The increase() function lacks the check:

function increase(uint256 amount) external nonReentrant whenNotPaused {
    // Note: unlike lock(), nothing here compares totalSupply() against MAX_TOTAL_SUPPLY
    _lockState.increaseLock(msg.sender, amount);
    _updateBoostState(msg.sender, locks[msg.sender].amount);
    LockManager.Lock memory userLock = _lockState.locks[msg.sender];
    (int128 newBias, int128 newSlope) = _votingState.calculateAndUpdatePower(
        msg.sender,
        userLock.amount + amount,
        userLock.end
    );
    uint256 newPower = uint256(uint128(newBias));
    // Mints the difference between the new voting power and the current balance
    _mint(msg.sender, newPower - balanceOf(msg.sender));
}

A user can therefore create an initial lock under MAX_TOTAL_SUPPLY and then call the increase() function multiple times. Each increase mints additional veTokens.

The total supply can now exceed MAX_TOTAL_SUPPLY (100M).

Impact :

  1. Unlimited veToken minting possible.

  2. Voting power can be inflated beyond intended limits.

Tools Used :

  • Manual code review

Recommendations :

Add the total supply check to increase().
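One way to apply this recommendation, shown as an added example that is not the RAAC contract's code: a simplified model in which every mint path goes through a single capped helper, so a new entry point cannot skip the check. The contract name CappedLockModel, the helper _mintCapped, the errors NoExistingLock and ZeroAmount, 1:1 minting and 18 decimals are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model (assumption): voting power is minted 1:1 with the locked
// amount, and token transfers and lock durations are omitted so that only the
// supply-cap logic remains.
contract CappedLockModel {
    // 100M as stated in the report; 18 decimals is an assumption.
    uint256 public constant MAX_TOTAL_SUPPLY = 100_000_000e18;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    error TotalSupplyLimitExceeded();
    error NoExistingLock(); // hypothetical error name
    error ZeroAmount();     // hypothetical error name

    function lock(uint256 amount) external {
        if (amount == 0) revert ZeroAmount();
        _mintCapped(msg.sender, amount);
    }

    function increase(uint256 amount) external {
        if (amount == 0) revert ZeroAmount();
        if (balanceOf[msg.sender] == 0) revert NoExistingLock();
        // Same guard as lock(): the cap is enforced inside _mintCapped.
        _mintCapped(msg.sender, amount);
    }

    // Single choke point for minting. The check uses the amount actually
    // minted, so the invariant totalSupply <= MAX_TOTAL_SUPPLY holds after
    // every call regardless of which external function triggered it.
    function _mintCapped(address to, uint256 amount) internal {
        if (totalSupply + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}
```

In the real contract the value to compare against the cap would be the amount passed to _mint (newPower - balanceOf(msg.sender)), checked before the mint.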

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::increase doesn't check the token supply, making it possible to mint over the MAX
