Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

BoostCalculator DoS due to incorrect value set in minBoost

holydevoti0n

Summary

The BaseGauge contract initializes minBoost with 18 decimals (1e18) while maxBoost is set to 25000 (2.5x with 4 decimals). This decimal mismatch causes maxBoost to be less than minBoost, leading to an arithmetic underflow in the BoostCalculator library when calculating the boost range.

Vulnerability Details

constructor(
address _rewardToken,
address _stakingToken,
address _controller,
uint256 _maxEmission,
uint256 _periodDuration
) {
...
// Initialize boost parameters
boostState.maxBoost = 25000; // 2.5x
@> boostState.minBoost = 1e18;
boostState.boostWindow = 7 days;

  • In BaseGauge.sol, minBoost is set to 1e18 (1 with 18 decimals)

  • maxBoost is set to 25000 (2.5x with 4 decimals, representing 2.5x as 25000 basis points)

  • The BoostCalculator.calculateBoost() function calculates boostRange = params.maxBoost - params.minBoost

  • Since 25000 < 1e18, this subtraction will revert due to underflow.

Impact

  • The boost calculation will always revert, making the gauge system completely unusable

  • Users will be unable to receive any boosted rewards, effectively breaking the core functionality of the gauge system

Tools Used

Manual Review

Recommendations

: The minBoost should be set using the same decimal precision as maxBoost (4 decimals for basis points). The correct initialization should be:

// Initialize boost parameters
boostState.maxBoost = 25000; // 2.5x in basis points
- boostState.minBoost = 1e18;
+ boostState.minBoost = 10000; // 1x in basis points (10000 = 100%)
Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

boostState.minBoost is set to 1e18

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.