Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Missing Validation for Minimum Vote Weight in `vote` Function

Summary

The GaugeController.sol contract defines a MIN_VOTE_WEIGHT constant, which sets the minimum allowable vote weight. However, the vote function does not enforce this constraint, allowing users to submit votes with a weight below the minimum requirement. This could lead to unintended behavior and manipulation of gauge voting.

Vulnerability Details

The vote function takes a weight parameter but only validates that:

  1. The gauge exists (isGauge(gauge)).

  2. The weight does not exceed WEIGHT_PRECISION.

  3. The caller has voting power (veRAACToken.balanceOf(msg.sender) > 0).

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/GaugeController.sol#L190

    function vote(address gauge, uint256 weight) external override whenNotPaused {
        if (!isGauge(gauge)) revert GaugeNotFound();
        // @audit-issue: missing check that weight is not less than MIN_VOTE_WEIGHT
        if (weight > WEIGHT_PRECISION) revert InvalidWeight(); // @-> only the upper bound is checked
        uint256 votingPower = veRAACToken.balanceOf(msg.sender);
        if (votingPower == 0) revert NoVotingPower();
        uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
        userGaugeVotes[msg.sender][gauge] = weight;
        _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
        emit WeightUpdated(gauge, oldWeight, weight);
    }

  • Missing Check: The function does not verify that weight is at least MIN_VOTE_WEIGHT.

    if (weight < MIN_VOTE_WEIGHT) revert WeightTooLow();

Impact

A user could submit a vote with weight = 0 or any value below MIN_VOTE_WEIGHT, which:

  • Might cause unexpected distribution of votes.

  • Could be exploited for strategic voting manipulation.

  • Might allow users to artificially shift voting results with low-impact votes.

Tools Used

Manual Review.

Recommendations

Modify the vote function to include a minimum weight check:

    function vote(address gauge, uint256 weight) external override whenNotPaused {
        if (!isGauge(gauge)) revert GaugeNotFound();
        if (weight > WEIGHT_PRECISION) revert InvalidWeight();
        if (weight < MIN_VOTE_WEIGHT) revert WeightTooLow(); // ++ added: minimum weight check
        uint256 votingPower = veRAACToken.balanceOf(msg.sender);
        if (votingPower == 0) revert NoVotingPower();
        uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
        userGaugeVotes[msg.sender][gauge] = weight;
        _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
        emit WeightUpdated(gauge, oldWeight, weight);
    }
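
The boundary behaviour of `vote` as submitted and with the recommended check, as an added example that is not part of the submission or the RAAC code base: a JavaScript model of the function's checks, run over weights on either side of each limit. The constant values (`WEIGHT_PRECISION = 10000`, `MIN_VOTE_WEIGHT = 100`), the fixture names and the helper functions are assumptions made for illustration.

```javascript
// Added model of the checks in GaugeController.vote (not the project's code).
// ASSUMPTION: WEIGHT_PRECISION is 10000 basis points, so the 1% minimum
// named in the judging tag corresponds to MIN_VOTE_WEIGHT = 100.
const WEIGHT_PRECISION = 10000n;
const MIN_VOTE_WEIGHT = 100n;

// Mirrors the revert order of vote(); enforceMin toggles the recommended check.
function vote(state, voter, gauge, weight, enforceMin) {
  if (!state.gauges.has(gauge)) throw new Error("GaugeNotFound");
  if (weight > WEIGHT_PRECISION) throw new Error("InvalidWeight");
  if (enforceMin && weight < MIN_VOTE_WEIGHT) throw new Error("WeightTooLow");
  const votingPower = state.votingPower.get(voter) ?? 0n;
  if (votingPower === 0n) throw new Error("NoVotingPower");
  state.votes.set(`${voter}:${gauge}`, weight);
}

// Constructed fixture: one registered gauge, one voter with voting power.
function freshState() {
  return {
    gauges: new Set(["gaugeA"]),
    votingPower: new Map([["alice", 1000n]]),
    votes: new Map(),
  };
}

// Returns "ok" or the name of the revert for a single call on a fresh state.
function outcome(weight, enforceMin) {
  try {
    vote(freshState(), "alice", "gaugeA", weight, enforceMin);
    return "ok";
  } catch (e) {
    return e.message;
  }
}

// Weights on both sides of each limit.
const BOUNDARIES = [0n, 1n, MIN_VOTE_WEIGHT - 1n, MIN_VOTE_WEIGHT,
                    WEIGHT_PRECISION, WEIGHT_PRECISION + 1n];

// One row per weight: result as submitted vs. with the recommended check.
function boundaryTable() {
  return BOUNDARIES.map((weight) => ({
    weight,
    current: outcome(weight, false),
    recommended: outcome(weight, true),
  }));
}

console.table(boundaryTable());
```

With the recommended check in place, `vote(gauge, 0)` reverts as well, so a regression test for the fix should cover weight 0 explicitly alongside `MIN_VOTE_WEIGHT - 1` and `MIN_VOTE_WEIGHT`.
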
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

GaugeController::vote lacks minimum weight validation, allowing votes below MIN_VOTE_WEIGHT (1%) despite documentation stating otherwise
