Core Contracts

Summary

The veRAACToken contract sets the maximum lock duration for RAAC tokens at 1460 days to represent four years. However, given that a Gregorian year is approximately 365.2425 days, four years should more accurately be represented by roughly 1461 days—and some implementations even use 1462 days to account for rounding. This discrepancy could lead to slight inaccuracies in lock duration calculations and subsequently affect voting power computations.

Vulnerability Details

The contract defines the maximum lock duration as follows:

A common approximation is to use 365 days per year, resulting in 4 × 365 = 1460 days. However, the Gregorian calendar accounts for leap years, making the average year approximately 365.2425 days. Multiplying this by 4 yields roughly 1461 days. Some protocols round up further to 1462 days to provide a slight buffer. The current setting of 1460 days may understate the intended lock duration by about one day (or possibly two, depending on the rounding convention intended by the protocol).

Impact

• Inaccuracies in Lock Durations
  Users locking tokens for the maximum duration might receive a marginally shorter lock period than intended, potentially affecting their accrued voting power over time.

• Voting Power Calculations:**
  Since voting power is derived from the duration of the lock, a one- or two-day discrepancy might slightly alter the voting power computations, which could be significant when aggregated over many users.

Tools Used

• Manual code review

Recommended Mitigation

• Reevaluate the Maximum Lock Duration:
  Consider updating the constant to reflect a more accurate representation of four years. For example, if precision is desired:

  • Option 1: Set MAX_LOCK_DURATION to 1461 days, which is closer to the average Gregorian year calculation.

  • Option 2: If the protocol design prefers a slight buffer, consider 1462 days.