Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: medium
Valid

`mintRewards` is never used in `StabilityPool`

Summary

mintRewards is never used in StabilityPool

Vulnerability Details

Link

mintRewards can only be called from StabilityPool.sol:

if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();

The problem that it is never used in StabilityPool.sol. Deposit function calls raacMinter.tick() twice (in _update() and _mintRAACRewards()), but, as far as I understand, mintRewards() should be called instead.

function _mintRAACRewards() internal {
if (address(raacMinter) != address(0)) {
raacMinter.tick();
}
}

Impact

mintRewards is never used in StabilityPool.sol, but function raacMinter.tick() called twice.

Tools Used

Manual review.

Recommendations

Recommended to call mintRewards() in StabilityPool._mintRAACRewards().

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.