Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`BaseGauge`'s `getReward` function will always revert because the reward tokens never arrive in the contract.

Vulnerability Details

`BaseGauge`'s `getReward` is called by a user to claim accumulated rewards. The function is supposed to transfer the rewards, i.e. the `rewardToken`, from the contract to `msg.sender`. Before transferring the tokens, the function checks whether the contract holds enough of the reward token to cover the amount the user is trying to claim, and if it does not, the transaction reverts.

The issue is that the function will always revert at this check, because the `rewardToken` that is supposed to be paid to the user is never transferred to the `BaseGauge.sol` contract. `RAACMinter.sol` has the function `mintRewards`, which is supposed to send the reward token to the specified `to` address (the `BaseGauge` contract in this case), and this function is supposed to be called by the `StabilityPool.sol` contract. The problem is that `StabilityPool.sol` never calls it, so the rewards are never transferred to the required contract. The contract's `balanceOf` never reaches the amount the user is trying to claim, the whole transaction reverts, and the user is never able to collect the accumulated rewards.

Impact

High impact: users will never be able to claim the rewards they accumulated by staking over time.

Tools Used

Manual Review

Recommendations

Implement a function in the `StabilityPool.sol` contract that calls the `mintRewards` function in `RAACMinter.sol`, so that the rewards arrive in the contract and the user can claim them whenever he wants.

Code Snippets

```solidity
function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
    // Only the StabilityPool contract may call this function
    if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
    // Mint only the shortfall that excessTokens does not already cover
    uint256 toMint = excessTokens >= amount ? 0 : amount - excessTokens;
    excessTokens = excessTokens >= amount ? excessTokens - amount : 0;
    if (toMint > 0) {
        raacToken.mint(address(this), toMint);
    }
    // AUDIT: this is supposed to transfer the rewards to the Gauge contract, but they never are
    raacToken.safeTransfer(to, amount);
    // (excerpt ends here)
}
```
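
A heuristic check for this class of bug, added here as an example and not part of the submission or the project's code: it scans Solidity sources for functions gated by `msg.sender != address(X)` and reports those that contract X never calls. The source strings are constructed (the minter is abridged from the snippet above), and the `fundGauge` function, its `onlyOwner` modifier and the `raacMinter` variable are hypothetical names.

```javascript
// Heuristic scan for caller-gated functions that the authorized contract never
// calls. All sources below are constructed, simplified samples.
const minterSrc = `
contract RAACMinter {
    function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
        if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
        raacToken.safeTransfer(to, amount);
    }
}`;

// Constructed stand-in: a pool that never calls the minter.
const poolSrc = `
contract StabilityPool {
    function deposit(uint256 amount) external { /* ... */ }
}`;

// Constructed stand-in with a hypothetical forwarding function (names assumed).
const poolFixedSrc = `
contract StabilityPool {
    function fundGauge(address gauge, uint256 amount) external onlyOwner {
        raacMinter.mintRewards(gauge, amount);
    }
}`;

// Matches: function NAME(...) modifiers { if (msg.sender != address(VAR)) revert
const GATE = /function\s+(\w+)\s*\([^)]*\)[^{]*\{\s*if\s*\(\s*msg\.sender\s*!=\s*address\((\w+)\)\s*\)\s*revert/g;

function findUnreachableGated(sources) {
  const findings = [];
  for (const [contract, src] of Object.entries(sources)) {
    for (const [, fn, callerVar] of src.matchAll(GATE)) {
      // Map the state variable (stabilityPool) to a contract name (StabilityPool).
      const caller = Object.keys(sources).find(
        (n) => n.toLowerCase() === callerVar.toLowerCase());
      if (!caller) continue; // caller's source not supplied, cannot decide
      const callSite = new RegExp(`\\.${fn}\\s*\\(`);
      if (!callSite.test(sources[caller])) {
        findings.push({ contract, fn, onlyCaller: caller });
      }
    }
  }
  return findings;
}

const before = findUnreachableGated({ RAACMinter: minterSrc, StabilityPool: poolSrc });
const after = findUnreachableGated({ RAACMinter: minterSrc, StabilityPool: poolFixedSrc });
console.log(before, after);
```

A regex scan like this is a triage aid only: it misses gates written as modifiers or `require` statements and calls made through interfaces under a different name.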
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
