Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

`_totalSupply` variable can be inflated, leading to less rewards for regular users in `BaseGauge`

kirobrejka

Summary

_totalSupply variable can be inflated, leading to less rewards for regular users. This is possible due to it's use in the computation of rewards in `BaseGauge`

Vulnerability Details

The _updateReward eventually calls the earned function, which looks like this:

function earned(address account) public view returns (uint256) {

return

((getUserWeight(account) *

(getRewardPerToken() -

userStates[account].rewardPerTokenPaid)) / 1e18) +

userStates[account].rewards;

}

As seen in this block of code, it calls the getRewardPerToken function, which looks as it follows:

function getRewardPerToken() public view returns (uint256) {

if (totalSupply() == 0) {

return rewardPerTokenStored;

}

return

rewardPerTokenStored +

(((lastTimeRewardApplicable() - lastUpdateTime) *

rewardRate *

1e18) / totalSupply());

}

As seen here, the totalSupply is used for division, which can be used by malicious user with the following attack:

User wants to get his rewards and calls getReward function
Malicious user sees his transaction in the mempool and frontruns him by getting a big flash loan, and then calling the stake function, inflating the totalSupply variable this way

This will lead to user receiving less rewards than he should

Impact

User will receive less than deserved rewards because of the malicious user

Tools Used

Manual Review

Recommendations

Apply a slippage protection to practically any function that calls the earned and getRewardPerToken functions. This will ensure that users are not deprived from the proper rewards they should receive

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

kirobrejka Submitter

6 months ago

inallhonesty Lead Judge

6 months ago

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BaseGauge reward system can be gamed through repeated stake/withdraw cycles without minimum staking periods, allowing users to earn disproportionate rewards vs long-term stakers

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.