GaugeController Fails to Transfer Rewards Before Notification
Summary
The GaugeController contract is responsible for distributing rewards to gauges. However, a critical bug prevents rewards from being properly distributed. Specifically, the GaugeController does not transfer reward tokens to the gauge before calling notifyRewardAmount(). As a result, the reward distribution fails and reverts due to an insufficient balance check.
Vulnerability Details
Issue
The distributeRewards() function in GaugeController calls IGauge(gauge).notifyRewardAmount(reward) but does not transfer the reward tokens beforehand. This leads to a revert in notifyRewardAmount() due to the following check:
Since the reward tokens were never transferred, the balance remains zero, causing the function to revert.
Code Snippet
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/GaugeController.sol#L323
Impact
No rewards are distributed to gauges, making the staking mechanism ineffective.
Tools Used
Manual code review
Recommendations
** Transfer Rewards Before Notifying the Gauge**
Modify distributeRewards() to send the reward to the gauge before calling notifyRewardAmount()
Lead Judging Commences
GaugeController notifies gauges of rewards without transferring tokens in both distributeRewards and _distributeToGauges functions, breaking reward distribution
GaugeController notifies gauges of rewards without transferring tokens in both distributeRewards and _distributeToGauges functions, breaking reward distribution
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.