Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect check for totalSupply in the veRAACToken

anonymousjoe

Summary

In the lock function in the veRAACToken.sol, there is a check to limit the totalSupply to MAX_TOTAL_SUPPLY. This check is wrong.

Vulnerability Details

The issue lies in the fact that the amount minted is not equal to amount, rather amount * duration / MAX_DURATION. Thus this check doesnt make sense, as the totalSupply is not going to be increased by amout, but rather with the newPower.

function lock(uint256 amount, uint256 duration) external nonReentrant whenNotPaused {
if (amount == 0) revert InvalidAmount();
if (amount > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
if (totalSupply() + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();

Note: the similar error is present in the increase function whcih doesnt check for the totalSupply condition


Impact

incorrect (less amount can be locked) limitation of totalSupply in the lock function, and more amount can be minted using the increase function

Tools Used

manual review

Recommendations

check with the newPower in the lock function, and add the missing check in the increase function

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect `MAX_TOTAL_SUPPLY` check in the `veRAACToken::lock/extend` function of `veRAACToken` could harm locking functionality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!