Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Missing Excess Tokens Cap

Summary

The excessTokens variable in tick() lacks an upper bound, risking over-accumulation from high emissions or delays. This medium-impact, low-likelihood issue could skew economics or exceed pool capacity, though limited by raacToken minting constraints, potentially causing distribution issues.

Vulnerability Details

excessTokens grows unchecked. Example:

tick() with emissionRate = 2000e18 / 7200 (2000 RAAC/day), delayed 30 days (216000 blocks).
excessTokens += 432000e18 (432K RAAC, $432K at 1M pool), exceeding capacity.
Excess $432K disrupts economics or reverts.

Impact

Excess RAAC (e.g., $432K) could distort value or cause failures, a medium-impact issue. The low likelihood depends on extreme delays or misconfigurations, but the absence of a cap poses a latent risk to stability.

Tools Used

Manual Code Review: To confirm missing cap on excessTokens.

Recommendations

Cap excessTokens:

uint256 constant MAX_EXCESS_TOKENS = 1000000e18; // 1M RAAC

function tick() external nonReentrant whenNotPaused {
    // ... existing logic ...
    uint256 amountToMint = emissionRate * blocksSinceLastUpdate;
    require(excessTokens + amountToMint <= MAX_EXCESS_TOKENS, "Excess tokens exceed limit");
    // ... minting logic ...
}

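
A `require`-based cap reverts the whole `tick()` call once `excessTokens + amountToMint` would cross the limit, and `amountToMint` keeps growing with every block that passes. The sketch below is an added example, not code from the project or from the report: it clamps the mint to the remaining headroom instead of reverting. `IMintable`, `CappedMinterSketch`, `pool`, `lastUpdateBlock` and `clamp()` are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added sketch, not the RAAC contract. IMintable, CappedMinterSketch, pool,
// lastUpdateBlock and clamp() are assumed names; nonReentrant/whenNotPaused
// are left out so the file compiles on its own.
interface IMintable {
    function mint(address to, uint256 amount) external;
}

contract CappedMinterSketch {
    uint256 public constant MAX_EXCESS_TOKENS = 1000000e18; // cap value from the report
    IMintable public immutable token;
    address public immutable pool;
    uint256 public emissionRate;    // tokens per block
    uint256 public excessTokens;    // accumulator the report wants bounded
    uint256 public lastUpdateBlock; // assumed checkpoint variable

    event Ticked(uint256 minted, uint256 skipped);

    constructor(IMintable token_, address pool_, uint256 emissionRate_) {
        token = token_;
        pool = pool_;
        emissionRate = emissionRate_;
        lastUpdateBlock = block.number;
    }

    // Portion of `accrued` that still fits under the cap (0 once it is full).
    function clamp(uint256 current, uint256 accrued) public pure returns (uint256) {
        if (current >= MAX_EXCESS_TOKENS) return 0;
        uint256 headroom = MAX_EXCESS_TOKENS - current;
        return accrued < headroom ? accrued : headroom;
    }

    function tick() external {
        uint256 blocksSinceLastUpdate = block.number - lastUpdateBlock;
        if (blocksSinceLastUpdate == 0) return;

        uint256 accrued = emissionRate * blocksSinceLastUpdate;
        uint256 amountToMint = clamp(excessTokens, accrued);

        // Advance the checkpoint even when clamped: the skipped emission is
        // dropped, so a long delay can neither block tick() nor be minted later.
        lastUpdateBlock = block.number;
        excessTokens += amountToMint;
        emit Ticked(amountToMint, accrued - amountToMint);
        if (amountToMint > 0) token.mint(pool, amountToMint); // external call last
    }
}
```

The `skipped` field of the event gives monitoring a direct signal that the cap was hit and how much emission was discarded.
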
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
