The veRAACToken::increase() function incorrectly adds the amount to the total locked amount when calculating the new vote power, leading to double counting of tokens and inflated vote power.
The veRAACToken::increase() function first increases the user's lock and then adds the amount and the current userLock.amount together when calculating the total locked amount. This results in double counting the locked tokens when calculating the user's new voting power, as both the original locked amount and the newly increased amount are included in the calculation.
The issue arises because the function adds amount and userLock.amount again in the voting power calculation, which leads to an inflated vote power. This means that if a user initially locks just 1 wei, they can then increase the lock by any amount, and the newBias and newPower calculations will mistakenly count that 1 wei twice.
The vulnerability allows users to artificially inflate their vote power by:
Locking a minimal amount (such as 1 wei) and then increasing it, leading to double counting of their locked tokens.
Gaining vote power disproportionate to the actual amount of tokens locked, potentially manipulating governance outcomes.
Tools used: vscode
Ensure that the amount is not added again when calling the voting power update function. Instead, pass the updated lock amount directly, without adding it twice.
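The double counting and the recommended fix, as an added Python model that is not the project's contract code. The linear ve-style formula, `MAX_LOCK`, and all function names are assumptions made for illustration; only the order of operations (update the lock, then add `amount` again) follows the description above.

```python
# Simplified model, not the RAAC contracts. Assumed ve-style formula:
# power = locked_amount * remaining_lock_time / MAX_LOCK (names are hypothetical).
MAX_LOCK = 4 * 365 * 86400  # assumed maximum lock duration in seconds


class Lock:
    def __init__(self, amount, end):
        self.amount = amount
        self.end = end


def power(amount, end, now):
    """Voting power for `amount` locked until `end`, evaluated at `now`."""
    return amount * max(end - now, 0) // MAX_LOCK


def increase_buggy(lock, amount, now):
    lock.amount += amount                      # lock is updated first...
    return power(lock.amount + amount, lock.end, now)  # ...then amount is added again


def increase_fixed(lock, amount, now):
    lock.amount += amount
    return power(lock.amount, lock.end, now)   # pass the updated lock amount directly


def check_invariant(lock, reported_power, now):
    """Regression check: power may never exceed what the stored lock justifies."""
    return reported_power <= power(lock.amount, lock.end, now)


def demo():
    now, end = 0, MAX_LOCK                     # constructed values: full-length lock
    results = {}
    for name, fn in (("buggy", increase_buggy), ("fixed", increase_fixed)):
        lock = Lock(amount=1, end=end)         # initial lock of 1 wei
        p = fn(lock, 10**18, now)              # increase by 1 token (1e18 wei)
        results[name] = (lock.amount, p, check_invariant(lock, p, now))
    return results


if __name__ == "__main__":
    for name, (locked, p, ok) in demo().items():
        print(f"{name}: locked={locked} power={p} invariant_holds={ok}")
```

The `check_invariant` comparison is the kind of assertion worth carrying into the contract's test suite: after any lock change, reported voting power must not exceed what the stored lock amount and end time justify.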