Incorrect Gauge Weight Calculation in _getBaseWeight
Summary
The _getBaseWeight function in the BaseGauge contract is intended to return the gauge weight of a specified account. However, the function incorrectly returns the gauge weight of the contract itself instead of the account, leading to inaccurate weight calculations.
Vulnerability Details
The function is currently implemented as follows:
• The function accepts an account parameter but mistakenly calls getGaugeWeight(address(this)), which returns the gauge weight of the contract rather than that of the specified account.
• This leads to incorrect gauge weight measurements, which could affect reward distributions or any processes that rely on accurate per-account gauge weight calculations.
Impact
• Inaccurate Gauge Weight: The gauge weight for each user is not accurately reflected, potentially skewing reward allocations and other related calculations.
• Misleading Metrics: Downstream systems that rely on gauge weight data might produce incorrect analytics, impacting decision-making and user confidence.
• Low Severity: While this issue does not pose a direct security risk, it can cause functional discrepancies within the protocol.
Tools Used
Manual
Recommendations
• Update the Function: Modify the function to use the account parameter when retrieving the gauge weight:
Lead Judging Commences
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.