`Boost::updateUserBoost` calculates boost based on a constant amount of `10000` rather than the `veToken balance`
Details
https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/governance/boost/BoostController.sol#L187
The amount used in calculating the newBoost in Boost::updateUserBoost is a constant 10000, where as the docs clearly states that this amount should be based on the veToken balance of the user.
Impact
After the first update it becomes impossible to update users boost as oldBoost and newBoost will always be the same.
Also, wrong calculation for boostAmount.
Tools Used
Manual Review
Recommendations
A new variable should be introduced inside the function which tracks the veToken balance of the user and used in the calculation rather than 10000
Lead Judging Commences
BoostController::updateUserBoost uses hardcoded 10000 base amount, storing basis points instead of actual boosted amount
BoostController::updateUserBoost uses hardcoded 10000 base amount, storing basis points instead of actual boosted amount
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.