The updateEmissionRate function in the RAACMinter contract is publicly callable without any access restrictions. This lack of control enables any user to trigger the update, potentially creating a race condition that can be exploited for personal gain.
The updateEmissionRate function is designed to adjust the dynamic emission rate based on system utilization. However, it is only protected by the whenNotPaused modifier and does not incorporate any role-based access control. As a result, any external actor can call this function at any time. This unrestricted access can lead to a race condition where a user might call updateEmissionRate immediately before or during interactions with related functions (such as tick()), thereby affecting the emission rate calculation to their advantage.
If exploited, this vulnerability could allow malicious users to manipulate the emission rate to their benefit.
Manual code review
Automate Updates: Consider automating the emission rate update process using off-chain mechanisms (such as Chainlink Keepers) to remove the dependency on external calls that could be exploited.
Restrict Access: Modify the updateEmissionRate function to include access control (for example, using a role-based modifier like onlyRole(UPDATER_ROLE)) so that only authorized entities can trigger an update.
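The Restrict Access recommendation, sketched in Solidity as an added example (this is not the RAACMinter source). It assumes OpenZeppelin Contracts v5 import paths; the contract name, the IUtilizationSource interface, the rate bounds and the interpolation formula are hypothetical placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

// Hypothetical utilization feed; the real contract's data source is not shown on this page.
interface IUtilizationSource {
    function utilizationBps() external view returns (uint256); // expected range 0..10_000
}

// Illustrative sketch of a role-gated emission update.
contract GatedEmissionMinter is AccessControl, Pausable {
    bytes32 public constant UPDATER_ROLE = keccak256("UPDATER_ROLE");
    uint256 public constant MIN_RATE = 100e18;  // placeholder bounds
    uint256 public constant MAX_RATE = 2000e18;

    IUtilizationSource public immutable source;
    uint256 public emissionRate = MIN_RATE;

    // Logging the caller lets monitoring flag updates from unexpected addresses.
    event EmissionRateUpdated(address indexed caller, uint256 oldRate, uint256 newRate);

    constructor(address admin, address updater, IUtilizationSource source_) {
        source = source_;
        _grantRole(DEFAULT_ADMIN_ROLE, admin); // admin can grant and revoke UPDATER_ROLE
        _grantRole(UPDATER_ROLE, updater);     // e.g. the automation (keeper) address
    }

    // With whenNotPaused as the only guard, any account could call this function.
    // onlyRole reverts for callers that do not hold UPDATER_ROLE.
    function updateEmissionRate() external whenNotPaused onlyRole(UPDATER_ROLE) {
        uint256 bps = source.utilizationBps();
        if (bps > 10_000) bps = 10_000; // clamp a misbehaving feed
        // Placeholder formula: linear interpolation between the bounds.
        uint256 newRate = MIN_RATE + ((MAX_RATE - MIN_RATE) * bps) / 10_000;
        emit EmissionRateUpdated(msg.sender, emissionRate, newRate);
        emissionRate = newRate;
    }

    function pause() external onlyRole(DEFAULT_ADMIN_ROLE) { _pause(); }
    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) { _unpause(); }
}
```

Granting UPDATER_ROLE to the automation address covers the Automate Updates recommendation with the same gate.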