Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

The `depositRAACFromPool` function is not called from the `LendingPool` contract, but it has the `onlyLiquidityPool` modifier.

shubu2581

Summary

he LendingPool does not call the depositRAACFromPool function, but it has the onlyLiquidityPool modifier.

Vulnerability Details

The depositRAACFromPool function has a modifier that allows only onlyLiquidityPool (i.e., LendingPool) to call it. However, there is no implementation in the LendingPool contract that calls the `depositRAACFromPool` function.

The LendingPool will not be able to send RAACTokens to the StabilityPool since it does not call the depositRAACFromPool function anywhere in the contract.

modifier onlyLiquidityPool() {

if (msg.sender != liquidityPool) revert UnauthorizedAccess();

}

@>>function depositRAACFromPool(uint256 amount) external onlyLiquidityPool validAmount(amount) {

uint256 preBalance = raacToken.balanceOf(address(this));

raacToken.safeTransferFrom(msg.sender, address(this), amount);

uint256 postBalance = raacToken.balanceOf(address(this));

if (postBalance != preBalance + amount) revert InvalidTransfer();

// TODO: Logic for distributing to managers based on allocation

emit RAACDepositedFromPool(msg.sender, amount);

}

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/StabilityPool/StabilityPool.sol#L326

IMPACT

1. RAACTokens cannot be transfered from LendingPool to StabilityPool.

The LendingPool cannot transfer RAACTokens to the StabilityPool because it never invokes the depositRAACFromPool function within the contract.

Tools Used

Manual Review

Recommendations

1. Add the depositRAACFromPool function call in the LendingPool where it is necessary.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.