Submission Details
Severity:
`mintRewards` is never used in `StabilityPool`
Summary
mintRewards is never used in StabilityPool
Vulnerability Details
mintRewards can only be called from StabilityPool.sol:
if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
The problem that it is never used in StabilityPool.sol. Deposit function calls raacMinter.tick() twice (in _update() and _mintRAACRewards()), but, as far as I understand, mintRewards() should be called instead.
function _mintRAACRewards() internal {
if (address(raacMinter) != address(0)) {
raacMinter.tick();
}
}
Impact
mintRewards is never used in StabilityPool.sol, but function raacMinter.tick() called twice.
Tools Used
Manual review.
Recommendations
Recommended to call mintRewards() in StabilityPool._mintRAACRewards().
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.