Submission Details
Severity:
Missing Implementation of RAAC Distribution Logic
Summary
The function depositRAACFromPool contains a TODO comment indicating missing implementation for manager allocation distribution, which could lead to trapped funds and improper token distribution.
Vulnerability Details
function depositRAACFromPool(uint256 amount) external onlyLiquidityPool validAmount(amount) {
uint256 preBalance = raacToken.balanceOf(address(this));
raacToken.safeTransferFrom(msg.sender, address(this), amount);
uint256 postBalance = raacToken.balanceOf(address(this));
if (postBalance != preBalance + amount) revert InvalidTransfer();
// TODO: Logic for distributing to managers based on allocation
emit RAACDepositedFromPool(msg.sender, amount);
}
The logic to distribute raac tokens to managers based on allocation is missing from depositRAACFromPoolfunction. The contract will receive the raac tokens but won't be able to distribute due to missing logic
Impact
Managers will not receive their allocated tokens
Tools Used
Manual
Recommendations
Implement the logic to distribute the tokens to managers
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool::calculateRaacRewards uses contract balance for reward calculation, incorrectly including tokens meant for manager allocation - Manager allocation not implemented
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool::calculateRaacRewards uses contract balance for reward calculation, incorrectly including tokens meant for manager allocation - Manager allocation not implemented
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.