Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Early User can exploit boost calculation.

pavankv

Summary

The boost calculation is depend on the total supply of the veRAAC token which means early User can get more boost leads to higher boost for the ealry User and then as more user grows and total supply the boosted amount will be lower compare to early one.

Vulnerability Details

The function GaugeController::calculateBoost() calls -> BoostCalculator::calculateTimeWeightedBoost()

-> Internal CalculateBoost() fucntion to calculate the boostBasis point on the basis of votingPowerRatio and this will be calcuated to on basis of totalVeSupply of veRAAC Token it means if the totalVeSupply is lower at early stage then the user get more boostedBasisPoint than later stage in that totalSupply will be increased.

function calculateBoost(

uint256 veBalance,

uint256 totalVeSupply,

BoostParameters memory params

) internal pure returns (uint256) {

// Return base boost (1x = 10000 basis points) if no voting power

if (totalVeSupply == 0) {

return params.minBoost;

}

// Calculate voting power ratio with higher precision

uint256 votingPowerRatio = (veBalance * 1e18) / totalVeSupply;//@audit check here

// Calculate boost within min-max range

uint256 boostRange = params.maxBoost - params.minBoost;

uint256 boost = params.minBoost + ((votingPowerRatio * boostRange) / 1e18);

// Ensure boost is within bounds

if (boost < params.minBoost) {

return params.minBoost;

}

if (boost > params.maxBoost) {

return params.maxBoost;

}

return boost;

}

Impact

Early user get more boost than later users

Tools Used

HardHat , Manual View

Recommendations

Implement the gradual decay over time than instant boost and cap initial boost for low supply periods.

function calculateBoost(

uint256 veBalance,

uint256 totalVeSupply,

BoostParameters memory params,

uint256 InitialTimestamp,//@audit check here

uint256 currentTimestamp//@audit check here

) internal pure returns (uint256) {

if (totalVeSupply == 0) {

return params.minBoost; // Base boost if no voting power

}

// Voting Power Ratio Calculation

uint256 votingPowerRatio = (veBalance * 1e18) / totalVeSupply;

uint256 boostRange = params.maxBoost - params.minBoost;

uint256 rawBoost = params.minBoost + ((votingPowerRatio * boostRange) / 1e18);

// Apply Decay Factor (Reduces Early Boost Over Time)

uint256 DeltaTimestamp = currentTimestamp - InitialTimestamp;

uint256 decayFactor = DeltaTimestamp > params.boostWindow

? 1e18 // Fully decayed after the boost window

: (DeltaTimestamp * 1e18) / params.boostWindow; // Partial decay

uint256 adjustedBoost = params.minBoost + ((rawBoost - params.minBoost) * decayFactor) / 1e18;

// Enforce Maximum User Boost

if (adjustedBoost > params.maxUserBoost) {

return params.maxUserBoost;

}

return adjustedBoost;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.