Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Check for Minimum Lock Duration in calculateVeAmount Function

udo

Summary

The calculateVeAmount function is responsible for computing the veRAAC amount based on the lock duration and amount. However, the function does not enforce a minimum lock duration (MIN_LOCK_DURATION), allowing users to input an extremely low duration, which may lead to unintended behavior.

Vulnerability Details

The function correctly caps lockDuration at MAX_LOCK_DURATION, but it does not ensure that lockDuration is at least MIN_LOCK_DURATION.

Impact

  • This oversight allows users to call the function with a lock duration of 1 second or any arbitrary small value, leading to very small veRAAC allocations.

  • This could lead to an inefficient distribution of voting power, potentially affecting governance mechanisms.

Recommended Fix

Modify the function to enforce MIN_LOCK_DURATION, ensuring that any lock duration provided is within the valid range:

Proposed Fix:

function calculateVeAmount(uint256 amount, uint256 lockDuration) external pure returns (uint256) {
if (amount == 0 || lockDuration < MIN_LOCK_DURATION) return 0;
if (lockDuration > MAX_LOCK_DURATION) lockDuration = MAX_LOCK_DURATION;
// Calculate voting power as a linear function of lock duration
return (amount * lockDuration) / MAX_LOCK_DURATION;
}

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!