user weight and boost is wrong calculating
Summary
the function which get the user base weight is giving the wrong base weight and boost.
Vulnerability Details
in the function 'getUserWeight' in the BaseGuage.sol Contract it calculate the base weight of the user. which is public function. the function
in this function it call the '_getBaseWeight(account)' with the paramter which is passed by the user. then the function which is called
the parameter which is passed it should get passed to the getGaugeWeight not he address(this). address(this) refers to the contract instance not the account which i passed. that function get return the address and pass to the '_applyBoost'
where this function apply the boost which is calculated wrongly. this function should get user's current weight including boost
Impact
it can change the weight of the user and apply his boost wrongly which
Tools Used
manually
Recommendations
try to use the account which is passed in function argument not the address(this)
Lead Judging Commences
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.