The _mintRAACRewards function in the StabilityPool contract suffers from inconsistent state updates, leading to potential reward miscalculations and race conditions. If multiple users interact with the function in quick succession, the contract may distribute incorrect reward amounts due to outdated or overwritten state variables.
Lack of State Synchronization: The function does not update or verify state variables before minting rewards.
Race Condition: If multiple users invoke the function simultaneously, they may receive incorrect reward calculations due to outdated state values.
Reentrancy Risk: If rewardToken.mint allows external calls, an attacker may reenter the function and manipulate totalRewardsDistributed.
Victim calls _mintRAACRewards, and calculateRaacRewards returns 100 tokens.
Attacker front-runs with a new deposit, shifting the reward distribution.
Before the victim’s transaction finalizes, the attacker calls _mintRAACRewards and claims an inflated reward.
Victim’s transaction completes, but now the reward pool is already drained due to incorrect state updates.
Incorrect Reward Distribution: Honest users may receive fewer rewards than expected.
Reward Pool Drain: Attackers can exploit the state inconsistency to drain the reward pool.
Potential Contract Instability: Unchecked reentrancy could lead to contract failure or excessive reward minting.
Tools Used: Manual review
Update state variables before executing external calls:
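The following sketch is an added illustration of the recommended checks-effects-interactions ordering; it is not the audited StabilityPool code, and the reward accounting (rewardPerShare, rewardDebt, IRewardToken) and the two function names ending in Unsafe and Safe are assumptions made for the example. The unsafe variant keeps the ordering the finding describes (external mint before the state update), the safe variant moves every state write ahead of the external call and adds a reentrancy guard as defence in depth.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface; the real rewardToken may expose a different surface.
interface IRewardToken {
    function mint(address to, uint256 amount) external;
}

// Hypothetical minimal pool; not the project's StabilityPool.
contract StabilityPoolSketch {
    IRewardToken public rewardToken;
    mapping(address => uint256) public deposits;
    mapping(address => uint256) public rewardDebt; // assumed accounting
    uint256 public rewardPerShare;                 // assumed, scaled by 1e18
    uint256 public totalRewardsDistributed;

    bool private _entered;

    // Simple reentrancy guard: a nested call into a guarded function reverts.
    modifier nonReentrant() {
        require(!_entered, "reentrant call");
        _entered = true;
        _;
        _entered = false;
    }

    constructor(IRewardToken token) {
        rewardToken = token;
    }

    // Assumed reward formula: what the user has earned minus what was already paid.
    function calculateRaacRewards(address user) public view returns (uint256) {
        return deposits[user] * rewardPerShare / 1e18 - rewardDebt[user];
    }

    // Vulnerable ordering (the shape described in the finding): the external
    // call runs while rewardDebt and totalRewardsDistributed are still stale,
    // so a token that calls back into the pool sees the old values.
    function _mintRAACRewardsUnsafe(address user) internal {
        uint256 amount = calculateRaacRewards(user);
        if (amount == 0) return;
        rewardToken.mint(user, amount);                         // interaction first
        totalRewardsDistributed += amount;                      // effects afterwards
        rewardDebt[user] = deposits[user] * rewardPerShare / 1e18;
    }

    // Hardened ordering: checks, then effects, then the single external interaction.
    // Any reentrant call now reads the updated rewardDebt and computes zero pending
    // rewards, and the guard rejects it before that even matters.
    function _mintRAACRewardsSafe(address user) internal nonReentrant {
        uint256 amount = calculateRaacRewards(user);            // checks
        if (amount == 0) return;
        rewardDebt[user] = deposits[user] * rewardPerShare / 1e18; // effects
        totalRewardsDistributed += amount;
        rewardToken.mint(user, amount);                         // interaction last
    }

    // Example entry point so the hardened path is reachable.
    function claimRewards() external {
        _mintRAACRewardsSafe(msg.sender);
    }
}
```

The guard alone is not a substitute for the ordering: if rewardToken.mint can call back into any function that reads rewardDebt or totalRewardsDistributed (including view functions used by other contracts), those readers must already see the post-claim values, which only the effects-before-interaction ordering guarantees.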