Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Unused mintRewards Function in RAACMinter Contract

Summary

The RAACMinter contract includes a mintRewards function designed to mint and distribute RAAC tokens as rewards. However, this function is not invoked or referenced anywhere within the protocol, effectively making it redundant and unused. Its existence unnecessarily adds to the contract's code size and complexity.

Vulnerability Details

  • Affected Function:

    function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
        // Only the StabilityPool is authorized to call this function.
        if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
        // Mint only the shortfall that excessTokens does not already cover.
        uint256 toMint = excessTokens >= amount ? 0 : amount - excessTokens;
        excessTokens = excessTokens >= amount ? excessTokens - amount : 0;
        if (toMint > 0) {
            raacToken.mint(address(this), toMint);
        }
        raacToken.safeTransfer(to, amount);
        emit RAACMinted(amount);
    }
  • Issue:
    The mintRewards function is not used or referenced by any other component of the contract or protocol, rendering it effectively dead code.

Impact

  • Contract Bloat:
    The presence of unused functions unnecessarily increases the contract's bytecode size. This can lead to higher deployment costs and increased gas fees when interacting with the contract.

  • Added Complexity:
    Unused code complicates maintenance and auditing of the contract, and can introduce security risks or lead to oversights.

Tools Used

  • Manual Code Review

Recommendations

  1. Remove Unused Function:
    If the mintRewards function is not part of the current protocol logic, it should be removed. This will simplify the code, reduce complexity, and minimize the potential attack surface.
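
The manual check behind this finding can be automated. The following is an added example, not code from the submission or the RAAC project: it scans Solidity sources for functions gated by a msg.sender != address(x) check and reports those that the authorized contract never calls. The sample sources are constructed, and mapping the state variable stabilityPool to a contract named StabilityPool by case-insensitive match is an assumption.

```python
import re

# Constructed sample sources (not the real RAAC code base). Only mintRewards and
# its stabilityPool guard come from the finding; every other name is hypothetical.
SOURCES = {
    "RAACMinter": """
        function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
            if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
        }
        function tick() external { lastUpdate = block.timestamp; }
    """,
    "StabilityPool": """
        function withdraw(uint256 amount) external {
            raacMinter.tick();
            // raacMinter.mintRewards(msg.sender, amount);  (commented out: not a call)
        }
    """,
}

FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{;]*\{")
GATE_RE = re.compile(r"msg\.sender\s*!=\s*address\(\s*(\w+)\s*\)")

def strip_comments(src):
    """Drop // and /* */ comments so a commented-out call is not counted."""
    return re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)

def function_bodies(src):
    """Yield (name, body) per function, matching braces to find the body's end."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def uncalled_gated_functions(sources):
    """Return (contract, function, caller) for gated functions the caller never invokes."""
    clean = {name: strip_comments(src) for name, src in sources.items()}
    findings = []
    for contract, src in clean.items():
        for func, body in function_bodies(src):
            gate = GATE_RE.search(body)
            if not gate:
                continue
            caller = gate.group(1)  # assumption: variable name matches contract name
            caller_src = next((s for c, s in clean.items() if c.lower() == caller.lower()), "")
            if not re.search(r"\.\s*" + re.escape(func) + r"\s*\(", caller_src):
                findings.append((contract, func, caller))
    return findings
```

Calling uncalled_gated_functions(SOURCES) reports mintRewards, because the only reference in the constructed pool is commented out. A regex scan like this is a triage aid; confirm each hit against the compiled call graph before removing code.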

Updates

Lead Judging Commences

inallhonesty Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::mintRewards function is never called by StabilityPool despite being the only authorized caller, leaving intended reward functionality unused
