Boost Multiplier Always Returns Maximum Boost
Summary
The getBoostMultiplier function in the BoostController contract is intended to calculate a user’s boost multiplier based on their boost amount relative to the maximum boost. However, due to the current implementation, the function always returns the maximum boost multiplier (MAX_BOOST), regardless of the user’s actual boost value.
Vulnerability Details
The issue is found in the following code snippet:
Issue Explanation:
• Calculation Error: The variable baseAmount is computed as a scaled value of userBoost.amount relative to MAX_BOOST. However, when used in the return statement, the expression userBoost.amount * 10000 / baseAmount simplifies to always yield MAX_BOOST.
• Result: As a result, regardless of the actual boost calculation, any non-zero boost value results in the maximum boost multiplier being returned.
Impact
• Incorrect Boost Representation: Users always receive the maximum boost multiplier, which does not accurately reflect their individual boost levels.
• Distorted Reward Calculations: This miscalculation may lead to improper reward distributions or other downstream effects in the protocol’s economic model.
Tools Used
Manual
Recommendations
• Revise the Calculation: Update the boost multiplier calculation logic to accurately reflect the intended boost value. Consider recalculating the multiplier based on the proper proportion of the user’s boost amount relative to the total expected range.
Lead Judging Commences
BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.