Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Double accounting for amount in the increase function in veRAACToken.sol

Summary

When the new power and slope are calculated in veRAACToken.sol, an incorrect amount is passed. This causes a higher than expected power for the user.

Vulnerability Details

The lock state is first updated with the amount, and then, when _votingState.calculateAndUpdatePower is called, the amount is added to userLock.amount again. This double-counts the amount and thus inflates minting and power for the user.

    function increase(uint256 amount) external nonReentrant whenNotPaused {
        // Increase lock using LockManager (the stored lock amount now includes `amount`)
        _lockState.increaseLock(msg.sender, amount);
        _updateBoostState(msg.sender, locks[msg.sender].amount);
        // Update voting power
        LockManager.Lock memory userLock = _lockState.locks[msg.sender];
        (int128 newBias, int128 newSlope) = _votingState.calculateAndUpdatePower(
            msg.sender,
            userLock.amount + amount, // `amount` is counted a second time here
            userLock.end
        );
        // ... remainder of the function is not shown in this report
    }

Impact

Increased minting of veRAAC token for the user.

Tools Used

Manual review

Recommendations

Remove the + amount when calling the calculateAndUpdatePower function.
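
A simplified model of the double count and of the recommended fix, added here as an example and not taken from the RAAC code base. The contract name, MAX_LOCK, the linear power formula and the powerMatchesLock invariant are assumptions; token transfers and minting are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added model, not RAAC code. Token transfers and minting are omitted.
contract LockPowerModel {
    uint256 public constant MAX_LOCK = 1460 days; // assumed maximum lock duration

    struct Lock { uint256 amount; uint256 end; }
    mapping(address => Lock) public locks;
    mapping(address => uint256) public bias;               // power at last update
    mapping(address => uint256) public amountUsedForPower; // amount fed into the formula

    function lock(uint256 amount, uint256 duration) external {
        require(amount > 0 && duration > 0 && duration <= MAX_LOCK, "bad params");
        require(locks[msg.sender].amount == 0, "lock exists");
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
        _updatePower(msg.sender, amount);
    }

    // Reported pattern: the lock is increased first, then `amount` is added again.
    function increaseBuggy(uint256 amount) external {
        Lock storage l = _activeLock(msg.sender);
        l.amount += amount;
        _updatePower(msg.sender, l.amount + amount); // old + 2 * amount
    }

    // Recommended form: the stored amount already contains the increase.
    function increaseFixed(uint256 amount) external {
        Lock storage l = _activeLock(msg.sender);
        l.amount += amount;
        _updatePower(msg.sender, l.amount); // old + amount
    }

    // Invariant for unit or fuzz tests: power must be derived from the locked amount.
    function powerMatchesLock(address user) external view returns (bool) {
        return amountUsedForPower[user] == locks[user].amount;
    }

    function _activeLock(address user) internal view returns (Lock storage l) {
        l = locks[user];
        require(l.amount > 0 && l.end > block.timestamp, "no active lock");
    }

    // Assumed linear vote-escrow formula: amount * remaining time / MAX_LOCK.
    function _updatePower(address user, uint256 amount) internal {
        amountUsedForPower[user] = amount;
        bias[user] = amount * (locks[user].end - block.timestamp) / MAX_LOCK;
    }
}
```

After lock(100, ...) followed by increaseBuggy(50), the stored lock is 150 while power is computed from 200, so powerMatchesLock returns false; the same sequence with increaseFixed keeps it true.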

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::increase doubles the voting power of users
