Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

RAACMinter's hardcoded BLOCKS_PER_DAY constant leads to incorrect emission rates on chains with different block times

Summary

The RAACMinter contract uses a hardcoded BLOCKS_PER_DAY = 7200 constant that assumes 12-second block times. While this works correctly on Ethereum mainnet, it leads to significantly higher emission rates on chains with faster block times, and unpredictable emissions on L2s with variable block times.

Vulnerability Details

The contract uses block-based calculations with a hardcoded constant:

uint256 public constant BLOCKS_PER_DAY = 7200; // Assuming 12-second block time
uint256 public constant INITIAL_RATE = 1000 * 1e18; // 1000 RAAC per day
uint256 public constant MAX_BENCHMARK_RATE = 2000 * 1e18 / BLOCKS_PER_DAY; // 2000 RAAC per day maximum

The emission calculation happens in the tick() function:

function tick() external nonReentrant whenNotPaused {
    // ... other code ...
    uint256 blocksSinceLastUpdate = currentBlock - lastUpdateBlock;
    uint256 amountToMint = emissionRate * blocksSinceLastUpdate;
}

Let's analyze how this affects different chains:

  1. Ethereum (12s blocks) - Works Correctly:

BLOCKS_PER_DAY = 7200 (correct)
Daily blocks = 7200
If emissionRate = 1000 * 1e18 / 7200
Daily emission = emissionRate * 7200 = 1000 RAAC (intended)

  2. BSC (3s blocks) - 4x Higher Emission:

BLOCKS_PER_DAY = 7200 (hardcoded but wrong)
Actual daily blocks = 28800 (24*60*60/3)
If emissionRate = 1000 * 1e18 / 7200
Daily emission = emissionRate * 28800 = 4000 RAAC (4x higher!)

  3. Polygon (2s blocks) - 6x Higher Emission:

BLOCKS_PER_DAY = 7200 (hardcoded but wrong)
Actual daily blocks = 43200 (24*60*60/2)
If emissionRate = 1000 * 1e18 / 7200
Daily emission = emissionRate * 43200 = 6000 RAAC (6x higher!)

  4. L2s (variable block times) - Unpredictable:

BLOCKS_PER_DAY = 7200 (hardcoded but wrong)
Actual daily blocks = unpredictable
Daily emission = emissionRate * (unpredictable blocks) = unpredictable amount

Impact

  1. Economic Imbalance:

    • BSC: 4x higher emission rate than intended

    • Polygon: 6x higher emission rate than intended

    • L2s: Unpredictable emission rates

  2. Cross-Chain Arbitrage:

    • Users can exploit higher emission rates on faster chains

    • Creates unfair advantage for users on certain chains

  3. Token Supply Inflation:

    • Faster chains will mint tokens at much higher rates

    • Could lead to unexpected token supply growth

Tools Used

Manual review

Recommendations

Since BLOCKS_PER_DAY is a constant and cannot be changed, the contract should be redesigned to use time-based calculations instead of block-based:

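contract RAACMinter {
    uint256 public constant DAILY_EMISSION = 1000 * 1e18; // 1000 RAAC per day
    // Replaces lastUpdateBlock; must be initialised to block.timestamp in the constructor (not shown),
    // otherwise the first tick() would mint for the whole period since the Unix epoch.
    uint256 public lastUpdateTimestamp;

    // raacToken, stabilityPool, excessTokens and the modifiers are as in the existing contract.
    function tick() external nonReentrant whenNotPaused {
        // Mint in proportion to elapsed time, independent of how many blocks were produced.
        uint256 timeElapsed = block.timestamp - lastUpdateTimestamp;
        uint256 amountToMint = (DAILY_EMISSION * timeElapsed) / 1 days;
        if (amountToMint > 0) {
            excessTokens += amountToMint;
            lastUpdateTimestamp = block.timestamp;
            raacToken.mint(address(stabilityPool), amountToMint);
            emit RAACMinted(amountToMint);
        }
    }
}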

This solution would ensure consistent emission rates across all chains, regardless of their block times.
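
The per-chain arithmetic and the time-based recommendation above, replayed side by side as an added example (not code from this submission or from the RAAC repository). It uses BigInt to mirror Solidity's truncating uint256 division; the tick schedule is constructed, and the block times are the ones this report assumes.

```javascript
// Added model (not project code). BigInt mirrors Solidity's truncating uint256 math.
const BLOCKS_PER_DAY = 7200n;              // hardcoded constant from the report
const DAILY_EMISSION = 1000n * 10n ** 18n; // 1000 RAAC per day, 18 decimals
const DAY = 86400n;                        // Solidity's `1 days`, in seconds
// Block times in seconds, as assumed in the report's per-chain analysis.
const CHAINS = { ethereum: 12n, bsc: 3n, polygon: 2n };

// Replays one day of tick() calls at the given second offsets (constructed schedule)
// and returns what each accounting scheme would mint in total.
function simulateDay(blockTimeSec, tickTimes) {
  const emissionRate = DAILY_EMISSION / BLOCKS_PER_DAY; // per-block rate, truncated
  let lastUpdateBlock = 0n, lastUpdateTimestamp = 0n;
  let byBlock = 0n, byTime = 0n;
  for (const t of [...tickTimes, DAY]) {               // always tick once at end of day
    // Block-based: amountToMint = emissionRate * blocksSinceLastUpdate
    const currentBlock = t / blockTimeSec;
    byBlock += emissionRate * (currentBlock - lastUpdateBlock);
    lastUpdateBlock = currentBlock;
    // Time-based: amountToMint = DAILY_EMISSION * timeElapsed / 1 days
    const amountToMint = (DAILY_EMISSION * (t - lastUpdateTimestamp)) / DAY;
    if (amountToMint > 0n) {
      byTime += amountToMint;
      lastUpdateTimestamp = t;
    }
  }
  return { byBlock, byTime };
}

// Runs the same tick schedule on every chain in CHAINS.
function compareChains(tickTimes) {
  const result = {};
  for (const [chain, blockTime] of Object.entries(CHAINS)) {
    result[chain] = simulateDay(blockTime, tickTimes);
  }
  return result;
}

const IRREGULAR_TICKS = [7n, 3600n, 3601n, 50000n]; // constructed sample schedule
for (const [chain, r] of Object.entries(compareChains(IRREGULAR_TICKS))) {
  console.log(chain, "block-based:", r.byBlock.toString(), "time-based:", r.byTime.toString());
}
```

On the sample schedule the block-based totals scale 1x, 4x and 6x across the three chains, while the time-based total is identical on all of them and within a few wei of 1000 RAAC. The block-based Ethereum figure also falls 6400 wei short of 1000 RAAC because the per-block rate is truncated before it is multiplied.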

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12
