Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Denial-of-Service (DoS) in lock Function Due to Incorrect Scaling of amount for Total Supply Validation

Summary

The lock function in the veRAACToken contract validates the total supply against the amount parameter instead of the value actually being minted (newPower). This mismatch leads to incorrect enforcement of the MAX_TOTAL_SUPPLY limit, potentially allowing the contract to mint more tokens than intended or causing a DoS.


Vulnerability Details

Location

The vulnerability is located in the lock function:

function lock(uint256 amount, uint256 duration) external nonReentrant whenNotPaused {
    // ...
    if (totalSupply() + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
    // ...
}

Root Cause

The issue arises because the function validates the total supply against the amount parameter, which represents the number of tokens being locked. However, the actual value being minted is newPower, calculated as uint256(uint128(bias)), where bias is derived from the initialPower formula:

uint256 initialPower = (amount * duration) / MAX_LOCK_DURATION;

Since newPower is not guaranteed to be equal to amount, the validation logic is flawed. This will result in a DoS.

Impact

This results in a Denial-of-Service (DoS) for minting veToken because amount is not scaled the same way as the total supply. Since newPower is derived from amount and duration and is typically much smaller than amount, the check totalSupply() + amount > MAX_TOTAL_SUPPLY will start reverting at some point as the veToken supply increases.

Tools Used

The vulnerability was identified through a thorough review of the lock function and its associated logic.

Recommendations

Modify the lock function to validate the total supply against newPower instead of amount.
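
The following Python model is an added illustration, not code from the submission or from the RAAC contracts. It compares the check against amount with the recommended check against newPower, using the initialPower formula quoted above. The constant values, the VeModel class and run_scenario are assumptions made for the example, and the model ignores decay and existing-lock handling.

```python
# Constructed constants: the page does not state the contract's real values.
DAY = 86_400
MAX_LOCK_DURATION = 1460 * DAY   # assumed maximum lock duration, in seconds
MAX_TOTAL_SUPPLY = 1_000_000     # assumed cap, whole tokens for readability


class TotalSupplyLimitExceeded(Exception):
    """Stands in for the contract's TotalSupplyLimitExceeded revert."""


def initial_power(amount: int, duration: int) -> int:
    # Same integer arithmetic as the formula quoted in the finding.
    return (amount * duration) // MAX_LOCK_DURATION


class VeModel:
    """Tracks only the veToken total supply (hypothetical helper)."""

    def __init__(self, check_against_power: bool):
        self.total_supply = 0
        self.check_against_power = check_against_power

    def lock(self, amount: int, duration: int) -> int:
        new_power = initial_power(amount, duration)
        # Reported behaviour: compare the cap with `amount`.
        # Recommended behaviour: compare the cap with `new_power`.
        checked = new_power if self.check_against_power else amount
        if self.total_supply + checked > MAX_TOTAL_SUPPLY:
            raise TotalSupplyLimitExceeded(
                f"{self.total_supply} + {checked} > {MAX_TOTAL_SUPPLY}")
        self.total_supply += new_power  # only new_power is ever minted
        return new_power


def run_scenario(check_against_power: bool):
    """Return (final total supply, power minted by the second lock or None)."""
    model = VeModel(check_against_power)
    model.lock(900_000, MAX_LOCK_DURATION)        # mints 900_000
    try:
        minted = model.lock(200_000, 365 * DAY)   # would mint only 50_000
    except TotalSupplyLimitExceeded:
        return model.total_supply, None           # lock rejected: the DoS
    return model.total_supply, minted


if __name__ == "__main__":
    print("check against amount:  ", run_scenario(False))
    print("check against newPower:", run_scenario(True))
```

With the check against amount, the second lock is rejected even though minting its 50,000 units of power would leave the supply at 950,000, below the assumed cap.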

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect `MAX_TOTAL_SUPPLY` check in the `veRAACToken::lock/extend` function of `veRAACToken` could harm locking functionality
