Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Overwriting pool's `workingSupply` Instead of Accumulating in `BoostController::updateUserBoost`

0xnforcer

Summary

The contract sets poolBoost.workingSupply to a single user’s calculated boost amount (newBoost) when updating a user’s boost, rather than adjusting it by the difference between newBoost and the existing boost. This causes workingSupply to be overwritten, ignoring all other users’ boosts in the pool.

Vulnerability Details

Within updateUserBoost, the line:

//IBoostController.sol

/**

* @notice Struct to track pool-wide boost metrics

* @param totalBoost The total boost amount for the pool

* @param workingSupply The total working supply including boosts

* @param baseSupply The base supply without boosts

* @param lastUpdateTime The last time pool boosts were updated

struct PoolBoost {

uint256 totalBoost;

uint256 workingSupply;

uint256 baseSupply;

uint256 lastUpdateTime;

}

//BoostController.sol

poolBoost.workingSupply = newBoost; // Set working supply directly to new boost

unconditionally overwrites the pool’s entire workingSupply with the boost amount of one user. In a multi-user scenario, this will result in the total effective supply (and therefore any rewards based on workingSupply) being miscalculated because other users’ boosts are not taken into account.

Impact

All existing boosts in the pool are effectively nullified every time a single user updates their boost. This leads to an incorrect workingSupply and can cause unfair or inaccurate reward distribution among participants.

Tools Used

Manual Review

Recommendations

Replace the direct assignment of poolBoost.workingSupply with an incremental or decremental update

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BoostController::updateUserBoost overwrites workingSupply with single user's boost value instead of accumulating, breaking reward multipliers and allowing last updater to capture all benefits

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.