Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Total Locked Amount Not Decreased on Withdrawals Leading to Accounting Issues

Summary:

The veRAACToken contract fails to decrease _lockState.totalLocked when users withdraw their tokens, causing incorrect accounting of total locked tokens and potential system-wide issues.

Vulnerability Details:

The issue exists in:

    function withdraw() external nonReentrant {
        LockManager.Lock memory userLock = _lockState.locks[msg.sender];
        if (userLock.amount == 0) revert LockNotFound();
        if (block.timestamp < userLock.end) revert LockNotExpired();

        uint256 amount = userLock.amount;
        uint256 currentPower = balanceOf(msg.sender);

        // Clear lock data
        delete _lockState.locks[msg.sender];
        delete _votingState.points[msg.sender];

        // Update checkpoints
        _checkpointState.writeCheckpoint(msg.sender, 0);

        // Burn veTokens and transfer RAAC
        _burn(msg.sender, currentPower);
        raacToken.safeTransfer(msg.sender, amount);

        // Missing: _lockState.totalLocked -= amount;
    }

As we can see, totalLocked never decreases.

Impact:

  1. Incorrect Total Value Locked (TVL) reporting that causes broken boost calculations that rely on totalLocked.

  2. Potential DoS when totalLocked reaches uint256 max (likelihood is low, but it will happen).

Tools Used:

  • Manual code review
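
The accounting drift described in this finding, shown as an added Solidity model that is not part of the submission or the RAAC code base. The contract name, `lock()`, `sumOfLocks`, `withdrawBuggy()`, `withdrawFixed()` and `accountingDrift()` are hypothetical names chosen for illustration, and token transfers, voting power and checkpoints are left out so that only the `totalLocked` bookkeeping remains.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not the RAAC code base: a stripped-down lock ledger.
// All names except totalLocked and the two withdraw errors are hypothetical.
contract LockLedgerModel {
    struct Lock { uint256 amount; uint256 end; }

    mapping(address => Lock) public locks;
    uint256 public totalLocked; // aggregate the finding says is never decreased
    uint256 public sumOfLocks;  // ground truth, tracked only for the invariant

    error LockNotFound();
    error LockNotExpired();
    error LockExists();

    function lock(uint256 amount, uint256 duration) external {
        if (locks[msg.sender].amount != 0) revert LockExists();
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
        totalLocked += amount;
        sumOfLocks += amount;
    }

    // Same shape as the withdraw() quoted above: totalLocked is left untouched.
    function withdrawBuggy() external {
        uint256 amount = _clear();
        sumOfLocks -= amount;
    }

    // Hardened form: the aggregate is reduced together with the released lock.
    function withdrawFixed() external {
        uint256 amount = _clear();
        sumOfLocks -= amount;
        totalLocked -= amount;
    }

    function _clear() internal returns (uint256 amount) {
        Lock memory userLock = locks[msg.sender];
        if (userLock.amount == 0) revert LockNotFound();
        if (block.timestamp < userLock.end) revert LockNotExpired();
        amount = userLock.amount;
        delete locks[msg.sender];
    }

    // Invariant: must be 0 after every call. Each withdrawBuggy() adds the
    // withdrawn amount to the drift permanently; withdrawFixed() keeps it at 0.
    function accountingDrift() external view returns (uint256) {
        return totalLocked - sumOfLocks;
    }
}
```

Asserting `accountingDrift() == 0` after every state-changing call, in a unit test or fuzzing invariant, catches this class of bug for any aggregate counter that mirrors per-user state.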

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::withdraw / emergencyWithdraw doesn't subtract the `_lockState.totalLocked`
