Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

_lockState.totalLocked is not updated in withdrawal functions

Description

Since _lockState.totalLocked represents the total amount of raacTokens currently locked in veRAACToken, it must be increased on every deposit and decreased on every withdrawal.

The lock() and increase() functions correctly increase it by the deposited amount on every deposit, but withdraw() and emergencyWithdraw() do not decrease it.

Impact

_boostState.totalWeight is updated with an incorrect value, because _updateBoostState() copies it from _lockState.totalLocked:

// https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/tokens/veRAACToken.sol#L572
function _updateBoostState(address user, uint256 newAmount) internal {
    ...
    _boostState.totalWeight = _lockState.totalLocked;
    ...
}
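
The drift this causes, shown as an added JavaScript model (not code from the RAAC repository or from this submission). `LockModel`, `runScenario`, the users and the amounts are constructed, and calling `updateBoostState()` at the end of the sequence is an assumption about when the contract refreshes its boost state.

```javascript
// Simplified, constructed model of the lock accounting in this finding.
// Only totalLocked / totalWeight mirror names on the page; the class,
// users and amounts are hypothetical.
class LockModel {
  constructor(decrementOnWithdraw) {
    this.decrementOnWithdraw = decrementOnWithdraw; // false = reported behaviour
    this.locks = new Map(); // user -> locked amount (BigInt, stands in for uint256)
    this.totalLocked = 0n;  // models _lockState.totalLocked
    this.totalWeight = 0n;  // models _boostState.totalWeight
  }

  lock(user, amount) {
    if (amount <= 0n) throw new Error("amount must be positive");
    this.locks.set(user, (this.locks.get(user) ?? 0n) + amount);
    this.totalLocked += amount;
  }

  withdraw(user) {
    const amount = this.locks.get(user);
    if (amount === undefined) throw new Error("no lock for " + user);
    this.locks.delete(user); // models the delete of the user's lock data
    if (this.decrementOnWithdraw) this.totalLocked -= amount; // the recommended fix
    return amount;
  }

  // Mirrors the one visible line of _updateBoostState.
  updateBoostState() {
    this.totalWeight = this.totalLocked;
  }

  // Invariant check: totalLocked must equal the sum of live locks.
  drift() {
    let live = 0n;
    for (const amount of this.locks.values()) live += amount;
    return this.totalLocked - live;
  }
}

// Same constructed sequence against the reported and the fixed behaviour.
function runScenario(decrementOnWithdraw) {
  const m = new LockModel(decrementOnWithdraw);
  m.lock("alice", 1000n);
  m.lock("bob", 500n);
  m.withdraw("alice");
  m.lock("carol", 200n);
  m.updateBoostState(); // assumption: boost state is refreshed after these calls
  return { totalLocked: m.totalLocked, totalWeight: m.totalWeight, drift: m.drift() };
}
```

A non-zero `drift` is the condition to assert against in a test suite: it means the stored total no longer matches the locks that still exist.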

Recommendations

Decrease _lockState.totalLocked by the user's locked amount in both withdrawal functions, like this:

function withdraw() external nonReentrant {
...
uint256 amount = userLock.amount;
...
// Clear lock data
delete _lockState.locks[msg.sender];
delete _votingState.points[msg.sender];
+ //decrease _lockState.totalLocked
+ _lockState.totalLocked -= amount;
...
}
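Review bot: In withdraw(), the added `_lockState.totalLocked -= amount;` sits after the two `delete` statements and ahead of an elided `...`, so any code in that elided tail that reads `_lockState.totalLocked` (as `_updateBoostState` does) depends on this exact placement. Consider putting the decrement directly after `uint256 amount = userLock.amount;` so the total is already correct before anything else in the function runs, and add a regression test that locks, withdraws and asserts the total returns to its previous value.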
function emergencyWithdraw() external nonReentrant {
...
uint256 amount = userLock.amount;
...
delete _lockState.locks[msg.sender];
delete _votingState.points[msg.sender];
+ //decrease _lockState.totalLocked
+ _lockState.totalLocked -= amount;
...
}
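Review bot: The two lines added to emergencyWithdraw() are an exact copy of the ones added to withdraw(), and the original defect was this same bookkeeping being missed in both places. Factor the delete-and-decrement sequence into one internal helper that both functions call, so the accounting cannot diverge again. The `//decrease` comment also lacks the space after `//` that the existing `// Clear lock data` comment uses.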
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::withdraw / emergencyWithdraw doesn't subtract the `_lockState.totalLocked`
