Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

mintRewards function does not correctly mint the full requested amount

Summary

The mintRewards function in RAACMinter.sol allows the stability pool to mint a specific amount of rewards to a specific address. The function uses the standard ERC20 functionality of the RAACToken.

Vulnerability Details

When the function calculates the toMint value, it checks whether the contract's excessTokens value is greater than or equal to the amount requested for minting. If so, toMint is 0, meaning that no tokens need to be minted. Otherwise, the function needs to mint amount - excessTokens.

Therefore, if the excess is 50, and we are minting 100 to Alice then:

toMint = 50 >= 100 ? 0 : 100 - 50 = 50 to mint

However, let's say that excessTokens is more than the amount. This means toMint is 0, as there is nothing to mint. But the function then has an if condition which mints tokens only if the toMint value is more than 0.

This essentially means that even if we do have a sufficient value stored at excessTokens to cover the amount, we won't be able to, as we return 0 when excessTokens >= amount.

Impact

Incorrect accounting regarding the token amount used for the minting process.

Tools Used

Manual review

Recommendations

In this situation, all we have to do is mint the amount of rewards requested, i.e. amount.
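The branch described under Vulnerability Details, set beside the recommendation, as an added JavaScript model (not code from RAACMinter.sol or from the report). The function names and all sample values other than the report's 50/100 case are assumptions made for illustration.

```javascript
// Model of the mint decision as the report describes it; this is not the
// contract's source. Amounts are BigInt to mirror uint256 token units.

// Described logic: mint only the shortfall between amount and excessTokens.
function toMintDescribed(excessTokens, amount) {
  return excessTokens >= amount ? 0n : amount - excessTokens;
}

// Report's recommendation: always mint the full requested amount.
function toMintRecommended(_excessTokens, amount) {
  return amount;
}

// One modelled mintRewards call under a given rule (hypothetical helper).
// mintCalled mirrors the "only mint if toMint is more than 0" condition.
// coveredByExcess is the part of amount the rule leaves to excessTokens.
function simulate(rule, excessTokens, amount) {
  const toMint = rule(excessTokens, amount);
  return { toMint, mintCalled: toMint > 0n, coveredByExcess: amount - toMint };
}

// Constructed sample cases: [excessTokens, amount]
const CASES = [
  [50n, 100n],  // the report's worked example
  [100n, 100n], // boundary: excessTokens equals amount
  [150n, 100n], // excessTokens exceeds amount
  [0n, 100n],   // no excess at all
];

function compare() {
  return CASES.map(([excess, amount]) => ({
    excess,
    amount,
    described: simulate(toMintDescribed, excess, amount),
    recommended: simulate(toMintRecommended, excess, amount),
  }));
}

for (const r of compare()) {
  console.log(
    `excess=${r.excess} amount=${r.amount} ` +
    `described: toMint=${r.described.toMint} mintCalled=${r.described.mintCalled} ` +
    `recommended: toMint=${r.recommended.toMint}`
  );
}
```

A Hardhat test for the fix can assert the same table against the token's totalSupply before and after each call.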

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter wrong excessTokens accounting in tick function
