Core Contracts

Summary

The _getBaseWeight function is incorrectly returning the weight of the contract itself (address(this)) instead of the weight of the specified user account (account). This causes the getUserWeight function to return the same weight for all users, breaking the core functionality of user-specific weight calculations.

Note:

If only the contract address (address(this)) is registered as a gauge in the GaugeController contract, then the function and its comments should be addressed to clarify its purpose. Currently, the comments suggest that the function should return the base weight for a specific account, but the implementation does not align with this behavior.

Vulnerability Details

• Affected Function: _getBaseWeight

• Issue: The function calls IGaugeController(controller).getGaugeWeight(address(this)), which retrieves the weight of the contract instead of the specified account.

• Impacted Function: getUserWeight relies on _getBaseWeight to calculate user-specific weights, but due to this bug, it returns the same weight for all users.

• Code Snippet:

Impact

1. Loss of User-Specific Data:

   • Every user receives the same weight (the contract's weight), making it impossible to differentiate between users.

2. Broken Core Functionality:

   • The getUserWeight function, which is likely used for critical operations like governance, staking, or rewards distribution, will return incorrect results.

3. Potential Exploitation:

   • Users may lose trust in the system or exploit the flaw if they realize the weights are not calculated correctly.

4. System-Wide Consequences:

   • If this function is used in other parts of the system (e.g., voting, rewards), the entire system could be compromised.

Tools Used

• Manual code review.

Recommendations

1. Fix the Implementation:

   • Update the _getBaseWeight function to return the weight of the specified account instead of the contract's weight.

   • Corrected Code: