Core Contracts

Summary

The GaugeController contract allows users to vote for gauges that are marked as inactive (isActive = false). This enables potential manipulation of gauge weights for inactive gauges, which can distort reward distribution if the gauge is later reactivated.

Vulnerability Details

Affected Code:

Explanation:
The vote() function does not check whether the target gauge is active (isActive = true). Users can vote for inactive gauges, and their voting power will still update the gauge’s stored weight in the gauges[gauge].weight state variable. While inactive gauges are excluded from reward calculations (via getTotalWeight(), which skips inactive gauges), their stored weight persists. If an admin later reactivates the gauge, its accumulated weight (from votes during inactivity) will immediately influence reward distribution, creating an unfair advantage.

Impact

Severity: Medium

Rationale:
An attacker could exploit this to:

1. Vote heavily for an inactive gauge (e.g., a deprecated gauge they control).

2. Convince/compromise an admin to reactivate the gauge.

3. Instantly gain disproportionately high rewards due to the pre-accumulated weight.
   This violates the intended system invariant: "Only active gauges should influence rewards."

Tools Used

• Manual code review

• Slither (to detect missing access controls/state checks)

Recommendations

Add Activity Check in vote():
Modify the vote() function to revert if the gauge is inactive:

Reset Weight on Deactivation:
When a gauge is deactivated (toggleGaugeStatus), reset its weight to zero to prevent legacy votes from affecting future calculations: