Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Missing `MAX_TOTAL_SUPPLY` check in `increase` and `extend` functions of `veRAACToken` allows users to exceed total supply limit

Coverage

Description

In veRAACToken, a maximum total supply limit (MAX_TOTAL_SUPPLY) is configured to prevent minting more veRAAC tokens than the configured cap. This restriction is applied in the lock function:

function lock(uint256 amount, uint256 duration) external nonReentrant whenNotPaused {
...
if (totalSupply() + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
...
}

However, this restriction is missing in both the increase and extend functions, allowing users to bypass the supply cap and mint more veRAAC tokens than intended.

Context

Impact

High. The total supply of veRAAC tokens can exceed the intended MAX_TOTAL_SUPPLY limit, potentially disrupting governance mechanisms.

Likelihood

High. Since there is no barrier preventing the total supply from exceeding the limit, any user leveraging the increase or extend functions can trigger this issue.

Recommendation

Implement a total supply check in both increase and extend functions to enforce the MAX_TOTAL_SUPPLY restriction and prevent unintended inflation.

function increase(uint256 amount) external nonReentrant whenNotPaused {
// Increase lock using LockManager
_lockState.increaseLock(msg.sender, amount);
_updateBoostState(msg.sender, locks[msg.sender].amount);
// Update voting power
LockManager.Lock memory userLock = _lockState.locks[msg.sender];
(int128 newBias, int128 newSlope) = _votingState.calculateAndUpdatePower(
msg.sender,
userLock.amount + amount,
userLock.end
);
// Update checkpoints
uint256 newPower = uint256(uint128(newBias));
+ if (totalSupply() + newPower > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
_checkpointState.writeCheckpoint(msg.sender, newPower);
// Transfer additional tokens and mint veTokens
raacToken.safeTransferFrom(msg.sender, address(this), amount);
_mint(msg.sender, newPower - balanceOf(msg.sender));
emit LockIncreased(msg.sender, amount);
}
function extend(uint256 newDuration) external nonReentrant whenNotPaused {
// Extend lock using LockManager
uint256 newUnlockTime = _lockState.extendLock(msg.sender, newDuration);
// Update voting power
LockManager.Lock memory userLock = _lockState.locks[msg.sender];
(int128 newBias, int128 newSlope) = _votingState.calculateAndUpdatePower(
msg.sender,
userLock.amount,
newUnlockTime
);
// Update checkpoints
uint256 oldPower = balanceOf(msg.sender);
uint256 newPower = uint256(uint128(newBias));
_checkpointState.writeCheckpoint(msg.sender, newPower);
// Update veToken balance
if (newPower > oldPower) {
+ uint256 mintAmount = newPower - oldPower;
+ if (totalSupply() + mintAmount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
- _mint(msg.sender, newPower - oldPower);
+ _mint(msg.sender, mintAmount);
} else if (newPower < oldPower) {
_burn(msg.sender, oldPower - newPower);
}
emit LockExtended(msg.sender, newUnlockTime);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::increase doesn't check the token supply, making it possible to mint over the MAX

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.