Summary
In GaugeController::vote, the function checks that the user's passed-in weight does not exceed WEIGHT_PRECISION (the maximum allowed), but it never checks that the weight is at least MIN_VOTE_WEIGHT. A user can therefore cast a vote with a weight the protocol intends to reject.
Vulnerability Details
[GaugeController.sol#L90](https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/GaugeController.sol#L90)
[GaugeController.sol#L192](https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/GaugeController.sol#L192)
The contract defines a minimum vote weight constant:
```solidity
uint256 public constant MIN_VOTE_WEIGHT = 100;
```
However, in the vote function only the maximum weight is checked; there is no lower-bound check against MIN_VOTE_WEIGHT:
```solidity
function vote(address gauge, uint256 weight) external override whenNotPaused {
    if (!isGauge(gauge)) revert GaugeNotFound();
    if (weight > WEIGHT_PRECISION) revert InvalidWeight();
    uint256 votingPower = veRAACToken.balanceOf(msg.sender);
    if (votingPower == 0) revert NoVotingPower();
    ...
}
```
Impact
The contract defines MIN_VOTE_WEIGHT = 100 (1%) as a core invariant but fails to enforce it in the vote function. This allows users to cast votes with weights below 1%, directly violating the protocol's intended minimum vote weight requirement.
Tools Used
Foundry
Recommendations
Add the minimum weight check in the vote function:
```diff
 function vote(address gauge, uint256 weight) external override whenNotPaused {
     if (!isGauge(gauge)) revert GaugeNotFound();
     if (weight > WEIGHT_PRECISION) revert InvalidWeight();
+    if (weight < MIN_VOTE_WEIGHT && weight != 0) revert InvalidWeight(); // Allow 0 if removing votes is needed
     uint256 votingPower = veRAACToken.balanceOf(msg.sender);
     if (votingPower == 0) revert NoVotingPower();
     ...
 }
```
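The following Foundry test is an added example, not code from the RAAC repository or the original finding. It places a minimal stand-in for the vote weight validation (the vulnerable upper-bound-only check beside the recommended check) in one contract and asserts the gap between them: weights in the open range (0, MIN_VOTE_WEIGHT) pass the vulnerable check and are rejected by the fixed one, while 0 (vote removal), MIN_VOTE_WEIGHT and WEIGHT_PRECISION remain valid. The contract name WeightChecker, the function names validateVulnerable and validateFixed, and the value WEIGHT_PRECISION = 10000 are assumptions for this example (the page only states that 100 corresponds to 1%); the gauge lookup and voting-power checks from the real function are omitted because they are not relevant to the weight bounds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Hypothetical stand-in for GaugeController's weight validation; not the project's contract.
contract WeightChecker {
    // Assumed value: 100 == 1% implies a precision of 10000 (basis points).
    uint256 public constant WEIGHT_PRECISION = 10000;
    uint256 public constant MIN_VOTE_WEIGHT = 100; // 1%, as defined on the page

    error InvalidWeight();

    // Mirrors the vulnerable check: only the upper bound is enforced.
    function validateVulnerable(uint256 weight) external pure {
        if (weight > WEIGHT_PRECISION) revert InvalidWeight();
    }

    // Mirrors the recommended check: lower bound enforced, zero still allowed to clear a vote.
    function validateFixed(uint256 weight) external pure {
        if (weight > WEIGHT_PRECISION) revert InvalidWeight();
        if (weight < MIN_VOTE_WEIGHT && weight != 0) revert InvalidWeight();
    }
}

contract WeightCheckTest is Test {
    WeightChecker internal c;

    function setUp() public {
        c = new WeightChecker();
    }

    // The vulnerable check silently accepts weights below the 1% invariant.
    function test_vulnerableAcceptsBelowMinimum() public view {
        c.validateVulnerable(1);
        c.validateVulnerable(99);
    }

    // The fixed check rejects the same weights.
    function test_fixedRejectsBelowMinimum() public {
        vm.expectRevert(WeightChecker.InvalidWeight.selector);
        c.validateFixed(1);
        vm.expectRevert(WeightChecker.InvalidWeight.selector);
        c.validateFixed(99);
    }

    // Boundaries that must stay valid after the fix: 0 (remove vote), the minimum, the maximum.
    function test_fixedAcceptsBoundaries() public view {
        c.validateFixed(0);
        c.validateFixed(c.MIN_VOTE_WEIGHT());
        c.validateFixed(c.WEIGHT_PRECISION());
    }

    // The upper bound is enforced by both versions.
    function test_bothRejectAboveMaximum() public {
        uint256 tooLarge = c.WEIGHT_PRECISION() + 1;
        vm.expectRevert(WeightChecker.InvalidWeight.selector);
        c.validateVulnerable(tooLarge);
        vm.expectRevert(WeightChecker.InvalidWeight.selector);
        c.validateFixed(tooLarge);
    }

    // Fuzz the whole gap: every weight in [1, MIN_VOTE_WEIGHT - 1] is accepted only by the vulnerable check.
    function testFuzz_gapBetweenChecks(uint256 w) public {
        w = bound(w, 1, c.MIN_VOTE_WEIGHT() - 1);
        c.validateVulnerable(w);
        vm.expectRevert(WeightChecker.InvalidWeight.selector);
        c.validateFixed(w);
    }
}
```

Run with `forge test --match-contract WeightCheckTest`. The fuzz test is the one worth keeping in a regression suite: it encodes the invariant "no non-zero weight below MIN_VOTE_WEIGHT is accepted" independently of any specific value, so it keeps failing if a later refactor drops the lower-bound check again.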