Reward Cap Logic Comparison in notifyReward function
Summary
The current implementation in BaseGauge::**notifyReward()** uses a strict greater-than (>) comparison, which may allow for unintended behavior when the total rewards equal the emission cap. This could lead to over-distribution of rewards, undermining the economic model of the gauge.
Vulnerability Details
Code Snippet
The problematic line of code is as follows:
Current Logic: The condition checks if the sum of the
amountbeing notified and the already distributed rewards (state.distributed) exceeds thestate.emission. If this condition is true, the transaction is reverted with theRewardCapExceedederror.Logical Flaw: The use of the greater-than (
>) operator means that if the total rewards equal the emission cap, the distribution will be allowed. This could lead to a situation where the total rewards distributed exactly match the cap, but any subsequent notifications could push the total over the limit.
3. Potential Consequences:
Allowing the total rewards to equal the emission cap could lead to unintended behavior, such as over-distribution of rewards.
This could violate the intended economic model of the gauge, potentially harming the interests of stakeholders and undermining the contract's integrity.
Recommendations
To resolve this issue, the condition should be updated to use the greater-than-or-equal-to (>=) operator. The corrected line should be:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.