Ambiguity in defaultGaugePointFunction for Exact Threshold Condition
Vulnerability Details
The defaultGaugePointFunction in the GaugePointFacet contract contains a logical branch that handles the adjustment of gauge points based on the percentage of deposited BDV relative to an optimal percentage. However, there is an edge case that is not explicitly handled: when the percentage of deposited BDV is exactly on the threshold (neither above the UPPER_THRESHOLD nor below the LOWER_THRESHOLD). In this scenario, the function does not specify any action,
Impact
The function's behavior is undefined when the input is exactly on the threshold, leading to potential unpredictability in its execution.
Without an explicit return statement for this edge case, the function may revert due to the lack of a return value, causing transactions to fail.
If gauge points are not updated correctly, it could impact the distribution of rewards or incentives, leading to economic discrepancies within the platform.
Tools Used
Manual review
Recommendations
The function should be updated to explicitly handle the edge case where the percentage of deposited BDV is exactly on the threshold. A clear return statement should be added to ensure that currentGaugePoints are returned as newGaugePoints without modification in this case.
Lead Judging Commences
Informational/Invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.