Incorrect Boost Multiplier Calculation
Summary
The function getBoostMultiplier() calculates the boost multiplier incorrectly, leading to inflated or inaccurate multipliers. This could result in users receiving an unfair advantage or the system failing to distribute boosts correctly.
Vulnerability Details
Vulnerable Code:
Problems:
-
The denominator
baseAmountis calculated asuserBoost.amount * 10000 / MAX_BOOST
If
userBoost.amountis less thanMAX_BOOST,baseAmountwill be too small, leading to inflated multipliers.
This could cause unexpected results where users get higher boosts than they should.
The formula does not properly scale the boost multiplier, making it inconsistent across different boost amounts.
Poc
1.Assume MAX_BOOST = 25000, and a user has userBoost.amount = 5000.
2.The function calculates baseAmount incorrectly.
3.Now, it calculates the multiplier:
4.Instead of a correct multiplier, the user gets the maximum boost unexpectedly.
Impact
Boost multipliers can be unfairly inflated, leading to imbalance in voting power.
Users could unintentionally receive more boost than intended.
Fix ensures correct multiplier scaling, preventing abuse.
Tools Used
Manual Review, Hardhat
Recommendations
Instead of computing a dynamic denominator, normalize the multiplier against MAX_BOOST
Lead Judging Commences
BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.