Submission Details
Severity:
`RAACMinter.mintRewards()` Can Never Be Called
Summary
The RAACMinter.mintRewards() function is intended to be callable only by the StabilityPool. However, there is currently no logic within the StabilityPool to invoke this function.
Vulnerability Details
The RAACMinter.mintRewards() function checks if the caller is the StabilityPool. Since there is no implementation in the StabilityPool that calls this function, it remains inaccessible.
function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
182 if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
uint256 toMint = excessTokens >= amount ? 0 : amount - excessTokens;
excessTokens = excessTokens >= amount ? excessTokens - amount : 0;
if (toMint > 0) {
raacToken.mint(address(this), toMint);
}
raacToken.safeTransfer(to, amount);
emit RAACMinted(amount);
}
Impact
The RAACMinter.mintRewards() function can never be called, which prevents reward minting.
Tools Used
Manual review
Recommendations
Implement logic within the StabilityPool to call the mintRewards() function.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.