Missing Total Supply Check in `increase` Function
Summary
The increase function allows users to add more tokens to an existing lock without verifying whether the MAX_TOTAL_SUPPLY limit is exceeded. This oversight can lead to situations where the total supply surpasses the intended cap, potentially causing issues in the contract's supply management.
Vulnerability Details
The lock function includes the following check to ensure that the total supply does not exceed MAX_TOTAL_SUPPLY:
However, the increase function does not include a similar validation before allowing users to increase their locked amount. Without this check, a user could potentially exceed the MAX_TOTAL_SUPPLY constraint by repeatedly increasing their locked amount.
Impact
The total supply of veRAAC tokens may exceed the defined
MAX_TOTAL_SUPPLY, breaking the intended supply constraints.This could lead to inflationary effects, affecting governance mechanisms or utility dependent on veRAAC tokens.
Tools Used
Manual code review
Recommendations
-
Add a supply cap validation in the
increasefunction similar to thelockfunction:if (totalSupply() + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
Lead Judging Commences
veRAACToken::increase doesn't check the token supply, making it possible to mint over the MAX
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.