Inflated `veRAACToken::TotalLocked` State Due to Missing Decrement on Withdrawals
Summary
In the veRAACToken contract, while the lock creation and increase functions correctly increment the total locked token count (state.totalLocked), the withdrawal function fails to decrement this value when tokens are unlocked. This results in an inflated and inaccurate representation of the total tokens locked within the system.
Vulnerability Details
When users lock tokens using the createLock function—or increase their lock with the increase function—the contract adds the specified token amount to state.totalLocked. However, upon withdrawal in the withdraw function, although the user's lock record is cleared and their tokens are returned, there is no corresponding decrement to state.totalLocked. This discrepancy means that the total locked amount remains artificially high, potentially affecting any calculations or mechanisms (such as boost computations or governance metrics) that depend on an accurate total locked value.
Impact
An inflated state.totalLocked can lead to incorrect reward distributions, boost calculations, and governance voting power assessments, as these computations rely on the accurate total of locked tokens.
Tools Used
Manual Review
Recommendations
In the withdraw function, subtract the withdrawn amount from state.totalLocked to ensure that the total locked tokens are accurately updated.
Lead Judging Commences
veRAACToken::withdraw / emergencyWithdraw doesn't substract the `_lockState.totalLocked`
veRAACToken::withdraw / emergencyWithdraw doesn't substract the `_lockState.totalLocked`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.