Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Missing Total Supply Cap in `veRAACToken.increase` Allows Unlimited Governance Token Inflation

Summary

The veRAACToken contract lacks critical supply cap enforcement when minting new governance tokens through lock position increases. This omission allows malicious actors to bypass intended tokenomics by minting unlimited veRAAC tokens, potentially leading to governance manipulation and protocol value dilution. The vulnerability stems from missing validation against a maximum total supply during the minting process in the veRAACToken.increase function.

Vulnerability Details

The vulnerability exists in the veRAAC token's lock increase mechanism where new token minting occurs without validating against a maximum total supply cap. The affected code resides in function veRAACToken.increase (veRAACToken.sol#L270):

```solidity
contract veRAACToken is ERC20, Ownable, ReentrancyGuard, IveRAACToken {
    function increase(uint256 amount) external nonReentrant whenNotPaused {
        // Increase lock using LockManager
        _lockState.increaseLock(msg.sender, amount);
        _updateBoostState(msg.sender, locks[msg.sender].amount);

        // Update voting power
        LockManager.Lock memory userLock = _lockState.locks[msg.sender];
        (int128 newBias, int128 newSlope) = _votingState.calculateAndUpdatePower(
            msg.sender,
            userLock.amount + amount,
            userLock.end
        );

        // Update checkpoints
        uint256 newPower = uint256(uint128(newBias));
        _checkpointState.writeCheckpoint(msg.sender, newPower);

        // Transfer additional tokens and mint veTokens
        raacToken.safeTransferFrom(msg.sender, address(this), amount);
@>      _mint(msg.sender, newPower - balanceOf(msg.sender));

        emit LockIncreased(msg.sender, amount);
    }
}
```

The contract currently allows unlimited veRAAC token minting through the veRAACToken.increase function when users add to their locked positions. While the system calculates voting power based on lock parameters, it fails to enforce any hard cap on the total veRAAC supply during this operation.

This omission violates the fundamental tokenomics assumption that veRAAC supply should be strictly tied to locked RAAC token amounts with a predefined maximum ceiling. Attackers could exploit this by repeatedly increasing lock amounts to artificially inflate the veRAAC supply beyond intended limits.

Impact

The absence of a total supply cap check during veRAAC token minting allows for:

  1. Unlimited Governance Token Inflation: Malicious actors could manipulate governance outcomes by artificially inflating their voting power through repeated lock increases

  2. Tokenomics Breakdown: The veRAAC supply could exceed protocol-design limits, devaluing legitimate holders' positions and disrupting planned emission schedules

  3. Protocol Parameter Manipulation: Excessive veRAAC supply could enable attackers to:

    • Skew gauge weight voting results

    • Influence governance proposals disproportionately

    • Disrupt reward distribution mechanisms

This vulnerability fundamentally undermines the protocol's economic model and governance integrity, potentially leading to protocol capture by malicious actors.

Tools Used

Manual Review

Recommendations

Implement supply cap enforcement in veRAACToken.increase:

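```solidity
// Amount of veRAAC this call would mint
uint256 newAmount = newPower - balanceOf(msg.sender);
// Reject the increase if it would push the total supply past the cap
if (totalSupply() + newAmount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
_mint(msg.sender, newAmount);
```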
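
An added example, not taken from the RAAC code base: a simplified, self-contained model that generalizes the recommendation by routing every mint path (initial lock and increase) through one capped helper, so no path can skip the check. The linear power formula, the constant values, and the names CappedVeTokenModel, _mintCapped, _power, LockExists, InvalidDuration and NoActiveLock are assumptions; the RAAC token transfer is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model for illustration only; not the RAAC contracts.
// Assumptions: power is linear in locked amount and remaining lock time.
contract CappedVeTokenModel {
    uint256 public constant MAX_TOTAL_SUPPLY = 100_000_000e18; // constructed value
    uint256 public constant MAX_LOCK = 1460 days;              // constructed value

    struct Lock { uint256 amount; uint256 end; }
    mapping(address => Lock) public locks;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    error TotalSupplyLimitExceeded();
    error LockExists();
    error InvalidDuration();
    error NoActiveLock();

    // Single choke point: the cap is checked before any supply or balance change.
    function _mintCapped(address to, uint256 amount) internal {
        if (totalSupply + amount > MAX_TOTAL_SUPPLY) revert TotalSupplyLimitExceeded();
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function _power(uint256 amount, uint256 end) internal view returns (uint256) {
        return amount * (end - block.timestamp) / MAX_LOCK;
    }

    function lock(uint256 amount, uint256 duration) external {
        if (locks[msg.sender].amount != 0) revert LockExists();
        if (duration == 0 || duration > MAX_LOCK) revert InvalidDuration();
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
        _mintCapped(msg.sender, _power(amount, block.timestamp + duration));
    }

    function increase(uint256 amount) external {
        Lock storage userLock = locks[msg.sender];
        if (userLock.end <= block.timestamp) revert NoActiveLock();
        userLock.amount += amount;
        uint256 newPower = _power(userLock.amount, userLock.end);
        uint256 current = balanceOf[msg.sender];
        // In this model power decays while the balance does not: mint only a positive delta.
        if (newPower > current) _mintCapped(msg.sender, newPower - current);
    }
}
```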

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::increase doesn't check the token supply, making it possible to mint over the MAX
