Omniscia Mantissa Finance Audit
veMNT Manual Review Findings
MNE-01M: Instant Arbitrage Opportunity
Type | Severity | Location |
---|---|---|
Logical Fault | | veMNT.sol:L114 |
Description:
The `veMNT::deposit` function will re-calculate the new rate of a user as well as "reset" their last claim potentially to a point in the past. This permits the caller to perform a `veMNT::deposit` and be eligible for rewards immediately.
Impact:
The severity of this exhibit will be adjusted according to the action the Mantissa Finance team takes.
Example:
```solidity
function _getNewRate(
    UserData memory user,
    uint256 amount,
    uint256 amountRate
) internal view returns (uint256 newRate, uint256 newLastClaim) {
    uint256 currentAmount = user.amount;
    uint256 newAmount = currentAmount + amount;
    newRate = ((currentAmount * user.veMntRate) + (amount * amountRate)) / newAmount;
    if (newAmount > 0 && newRate > 0) {
        newLastClaim = block.timestamp - ((currentAmount * user.veMntRate * (block.timestamp - user.lastClaim)) / (newAmount * newRate));
    } else {
        newLastClaim = block.timestamp;
    }
}
```
Recommendation:
We advise the calculations of `veMNT::_getNewRate` to be revised as they presently appear exploitable.
Alleviation (418ee413ad8e26f7eea383764c19953ff31b2bf3):
The Mantissa Finance team provided us with the mathematical formulas that essentially nullify any potential arbitrage that is presented due to how the `newRate` is calculated.
We validated these by performing a series of tests on the implementation of [`veMNT::_getNewRate`](https://github.com/Mantissa-Finance/audit-v2/blob/418ee413ad8e26f7eea383764c19953ff31b2bf3/contracts/veMNT.sol#L90-L103) and identified that the final claim amount after the function will always converge to the previous claim amount but otherwise be lower, with the equilibrium point being a deposit equal to the existing amount of the user.
As such, we consider this exhibit nullified as the code behaves as expected by the Mantissa Finance team.
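The check described in the alleviation can be reproduced off-chain with a small integer model of `_getNewRate`; the following is an added example, not code from the audit or from the Mantissa Finance repository. It assumes the pending claim accrues linearly as amount × rate × elapsed seconds and that the contract uses checked arithmetic (Solidity 0.8 or later); the helper names `pending`, `deposit_effect` and `sweep` and all sample values are constructed for illustration.

```python
import random

def get_new_rate(cur_amount, ve_rate, last_claim, amount, amount_rate, now):
    """Model of the quoted _getNewRate; // floors exactly like uint256 division."""
    new_amount = cur_amount + amount
    # Division by zero reverts on-chain; here it raises ZeroDivisionError.
    new_rate = (cur_amount * ve_rate + amount * amount_rate) // new_amount
    if new_amount > 0 and new_rate > 0:
        shift = (cur_amount * ve_rate * (now - last_claim)) // (new_amount * new_rate)
        if shift > now:
            # ASSUMPTION: checked arithmetic (Solidity >= 0.8), so this reverts.
            raise ArithmeticError("uint256 underflow: the call would revert")
        return new_rate, now - shift
    return new_rate, now

def pending(amount, rate, last_claim, now):
    # ASSUMPTION: accrual is linear, amount * rate * elapsed seconds.
    return amount * rate * (now - last_claim)

def deposit_effect(cur_amount, ve_rate, last_claim, amount, amount_rate, now):
    """Return (pending before, pending after) for a deposit made at `now`."""
    before = pending(cur_amount, ve_rate, last_claim, now)
    new_rate, new_last = get_new_rate(cur_amount, ve_rate, last_claim,
                                      amount, amount_rate, now)
    return before, pending(cur_amount + amount, new_rate, new_last, now)

def sweep(trials=20_000, seed=7):
    """Count constructed random deposits whose pending claim grows on deposit."""
    rng = random.Random(seed)
    now, gains = 1_700_000_000, 0
    for _ in range(trials):
        before, after = deposit_effect(
            cur_amount=rng.randint(0, 10**6), ve_rate=rng.randint(0, 10**4),
            last_claim=now - rng.randint(0, 365 * 86400),
            amount=rng.randint(1, 10**6), amount_rate=rng.randint(0, 10**4),
            now=now)
        gains += after > before
    return gains

if __name__ == "__main__":
    print("deposits that increased the pending claim:", sweep())
```

Under this model the post-deposit claim equals `newAmount * newRate` times a floored quotient of the pre-deposit claim, so it can match the previous claim but never exceed it; when `newRate` floors to zero the claim resets to zero.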