Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Allocation mismatch in StabilityPool.sol

Summary

The updateAllocation and updateMarketAllocation functions in the StabilityPool contract contain a mathematical error in calculating the total allocation, which could lead to incorrect allocation tracking.

Vulnerability Details

The functions use incorrect arithmetic when updating the total allocation:
https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/StabilityPool/StabilityPool.sol#L146
https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/StabilityPool/StabilityPool.sol#L383

This calculation order can lead to incorrect results when reducing allocations, as it first subtracts the old allocation and then adds the new one, rather than calculating the net change.

Impact

Incorrect tracking of total allocations in the system

Misalignment between individual allocations and total allocation

Affects manager/market distribution calculations

Tools Used

Manual audit

Recommendations

Use this instead:
totalAllocation = totalAllocation + newAllocation - oldAllocation;
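
Added example, not the RAAC StabilityPool code: a minimal ledger that places the subtract-first ordering described above beside the recommended add-first ordering and exposes a check that the total still equals the sum of individual allocations. The contract name, its storage layout and function names are hypothetical, and Solidity 0.8 checked arithmetic is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19; // assumption: 0.8.x checked arithmetic

/// Hypothetical minimal ledger for illustration; not the RAAC contract.
contract AllocationLedger {
    mapping(address => uint256) public allocation; // per-manager allocation
    mapping(address => bool) private known;        // manager already enumerated?
    address[] private managers;                    // enumeration for the invariant check
    uint256 public totalAllocation;

    /// Ordering described in the finding: subtract old, then add new.
    /// The intermediate `totalAllocation - old` reverts under checked
    /// arithmetic if the tracked total is already below `old`.
    function updateSubtractFirst(address manager, uint256 newAllocation) external {
        uint256 old = _set(manager, newAllocation);
        totalAllocation = totalAllocation - old + newAllocation;
    }

    /// Ordering recommended in the finding: add new, then subtract old.
    /// The intermediate value is never below the current total.
    function updateAddFirst(address manager, uint256 newAllocation) external {
        uint256 old = _set(manager, newAllocation);
        totalAllocation = totalAllocation + newAllocation - old;
    }

    /// Invariant: totalAllocation equals the sum of individual allocations.
    function invariantHolds() external view returns (bool) {
        uint256 sum;
        for (uint256 i = 0; i < managers.length; i++) {
            sum += allocation[managers[i]];
        }
        return sum == totalAllocation;
    }

    /// Stores the new allocation and returns the previous one.
    function _set(address manager, uint256 newAllocation) private returns (uint256 old) {
        if (!known[manager]) {
            known[manager] = true;
            managers.push(manager);
        }
        old = allocation[manager];
        allocation[manager] = newAllocation;
    }
}
```

Asserting `invariantHolds()` after every update in a Hardhat test or fuzz run flags any drift between individual allocations and the total.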

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

StabilityPool::calculateRaacRewards uses contract balance for reward calculation, incorrectly including tokens meant for manager allocation - Manager allocation not implemented
