The increase function in the veRAACToken contract does not validate that the total locked amount after an increase stays within MAX_LOCK_AMOUNT (10M RAAC), so a user whose existing lock plus the added amount exceeds the limit can surpass it. This medium-impact, medium-likelihood vulnerability enables excessive locking that skews voting power and boost calculations beyond the protocol's intended limits, potentially destabilizing governance or reward distribution.
The increase function adds to an existing lock without checking the resulting total against MAX_LOCK_AMOUNT:
lock checks amount > MAX_LOCK_AMOUNT (10M RAAC), but increase only calls _lockState.increaseLock, which lacks this check internally (assuming LockManager doesn’t enforce it).
No validation ensures userLock.amount + amount <= MAX_LOCK_AMOUNT.
Scenario:
User locks 9M RAAC via lock, below 10M limit.
Calls increase(2M); total becomes 11M RAAC.
No revert occurs and the lock now exceeds MAX_LOCK_AMOUNT, granting, for example, ~2.75M veRAAC for a one-year lock (11M * 365 days / 1460 days, assuming voting power scales linearly with lock duration against a 4-year maximum).
Skews governance voting and boost calculations (e.g., ~27.5% influence in a 10M pool).
Analysis: The absence of a total-amount check in increase (unlike lock) violates the protocol's design constraint and allows unbounded growth of individual locks, which confirms the vulnerability.
The ability to exceed MAX_LOCK_AMOUNT (e.g., 11M vs. 10M RAAC, adding $1M+ of undue influence in a $10M pool) is medium impact: there is no direct loss of funds, but voting-power fairness and boost calculations are distorted, which affects governance integrity and reward distribution. Likelihood is medium because any user with an existing lock and enough RAAC can trigger it, a plausible scenario in active governance participation.
Manual Code Review: Confirmed that _lockState.increaseLock and the subsequent logic do not validate userLock.amount + amount against MAX_LOCK_AMOUNT.
Add validation to enforce MAX_LOCK_AMOUNT in increase:
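The following contract is an added illustration of the recommended check, not veRAACToken's or LockManager's code. The struct layout, function names, the 18-decimal constant, the 1460-day maximum and the linear voting-power formula are assumptions chosen to mirror the numbers in this finding; the vulnerable and hardened variants of increase sit side by side so the missing check is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal model of the lock / increase pattern (example code, not the project's own).
/// Assumed: RAAC has 18 decimals, the max lock is 4 years, voting power scales
/// linearly with remaining lock time.
contract LockCapExample {
    uint256 public constant MAX_LOCK_AMOUNT = 10_000_000e18; // 10M RAAC (assumed decimals)
    uint256 public constant MAX_LOCK_DURATION = 1460 days;   // 4 years (assumed)

    struct Lock {
        uint256 amount;
        uint256 end;
    }

    mapping(address => Lock) public locks;
    uint256 public totalLocked;

    error AmountExceedsLimit();
    error InvalidLockDuration();
    error NoExistingLock();

    event LockIncreased(address indexed user, uint256 added, uint256 newAmount);

    // Initial lock: this is the only place the vulnerable design checks the cap.
    function lock(uint256 amount, uint256 duration) external {
        if (amount > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
        if (duration == 0 || duration > MAX_LOCK_DURATION) revert InvalidLockDuration();
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
        totalLocked += amount;
        // token transferFrom omitted in this model
    }

    // Vulnerable pattern: the resulting total is never compared with MAX_LOCK_AMOUNT,
    // so 9M + 2M = 11M is accepted.
    function increaseUnchecked(uint256 amount) external {
        Lock storage l = locks[msg.sender];
        if (l.amount == 0) revert NoExistingLock();
        l.amount += amount;
        totalLocked += amount;
        emit LockIncreased(msg.sender, amount, l.amount);
    }

    // Hardened pattern: validate the post-increase total before touching state.
    // Solidity 0.8 checked arithmetic also reverts if l.amount + amount overflows.
    function increase(uint256 amount) external {
        Lock storage l = locks[msg.sender];
        if (l.amount == 0) revert NoExistingLock();
        if (l.amount + amount > MAX_LOCK_AMOUNT) revert AmountExceedsLimit();
        l.amount += amount;
        totalLocked += amount;
        emit LockIncreased(msg.sender, amount, l.amount);
    }

    // Assumed voting-power model used for the finding's ~2.75M figure:
    // 11M locked with 365 days remaining -> 11M * 365 / 1460 = 2.75M.
    function votingPower(address user) external view returns (uint256) {
        Lock memory l = locks[user];
        if (l.end <= block.timestamp) return 0;
        return (l.amount * (l.end - block.timestamp)) / MAX_LOCK_DURATION;
    }
}
```

If _lockState.increaseLock in LockManager is the canonical mutator of the lock, the cap check belongs there (or in both places) so that no other caller can bypass it; the check must run on the post-increase total and before any token transfer or veRAAC minting, so a failed check leaves no partial state behind.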