Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Lack of Validation in BaseGuage::setBoostParameters Allows Invalid Boost Range, Potentially Impacting Reward Calculations

cz_moose

Summary

The BaseGuage::setBoostParameters function fails to validate that minBoost is less than maxBoost. This can lead to an inconsistent boost range, potentially causing inaccurate reward calculations or unintended behavior in boost-based reward mechanisms.

Vulnerability Details

Vulnerability location: BaseGuage::setBoostParameters

  • The function allows minBoost to be greater than or equal to maxBoost without any checks.

  • An inverted boost range may break logic in functions that rely on minBoost and maxBoost for calculating rewards or user weights.

contract BaseGuage{
// ...
@> function setBoostParameters(uint256 _maxBoost, uint256 _minBoost, uint256 _boostWindow) external onlyController {
boostState.maxBoost = _maxBoost;
boostState.minBoost = _minBoost;
boostState.boostWindow = _boostWindow;
}
// ...
}

Impact

Since the RAACGuage and RWAGauge inherit the BaseGauge contract, both contracts are impacted by this issue. This issue results in incorrect boost calculation and, thus, incorrect reward calculation

Tools Used

  • Manual review

Recommendations

function setBoostParameters(uint256 _maxBoost, uint256 _minBoost, uint256 _boostWindow) external onlyController {
+ require(_minBoost < _maxBoost, "minBoost must be less than maxBoost");
boostState.maxBoost = _maxBoost;
boostState.minBoost = _minBoost;
boostState.boostWindow = _boostWindow;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.