`emission` period can't be updated in the due the missing implementation in the `GaugeController`
Summary
The BaseGauge::setEmission can only be called by the controller address (GaugeController). This function is meant to set emission cap for the period. However, while the GaugeController has the necessary CONTROLLER_ROLE permissions, it lacks any implementation to actually call this function.
Vulnerability Details
The BaseGauge::setEmission function
has the onlyController modifier defined as:
In BaseGauge's constructor, the controller address is granted the CONTROLLER_ROLE:
Looking at the GaugeController contract, there isn't any direct function to call setEmission. Additionally, this function is not included in the IGauge interface that GaugeController uses to interact with gauges.
Impact
No mechanism exists to adjust the emission cap for the period, despite the contract being designed with this intention. The setEmission function becomes effectively unusable because the authorized controller has no way to call it.
Tools Used
Manual review
Recommendations
Add setEmission to the IGauge interface and implement the corresponding function in GaugeController.
IGauge.sol
GaugeController.sol
Lead Judging Commences
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.