Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Voting power not calculated correctly in Gauges and GaugeController

Vulnerability Details

It is repeatedly mentioned that the voting power must decay linearly. Parts of the system correctly account for this by calling veRAACToken::getVotingPower(), which calls VotingPowerLib::getCurrentPower(), which accounts for the decay. An example is Governance::castVote(), here.

But other parts of the system, like the GaugeController or the BaseGauge that all gauges use, do not account for this, as they interpret veRAACToken::balanceOf() as the voting power. This is not correct, because balanceOf() does not account for the linear decay.

  • See for example the GaugeController::vote() function here.

  • Another example is the BaseGauge::voteDirection() function here.

Note that balanceOf() in veRAACToken is never overridden or given additional logic to account for the linear decay. Search the token contract for "function balanceOf(" to confirm this.

The veToken balance does not rebalance; it is just accounting of how many tokens the user has locked. See all _mint() and _burn() calls to understand this. It is not a representation of voting power, which is why the getVotingPower() function exists.

Impact

Voters have more power than they should when voting on the GaugeController or Gauges as the decay is not applied.

Currently all implementations of BaseGauge just do super.voteDirection(), so the flawed logic of the base will execute.
See here one, and here the other.

Recommendations

Account for the linear decay wherever voting power is used by calling the aforementioned veRAACToken::getVotingPower() function instead of reading the balance.
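
The pattern described in this finding next to the recommended one, as an added example that is not part of the original submission or of the RAAC code base. MockVeToken, MockGaugeVoting, MAX_LOCK, lock(), voteWithBalance() and voteWithDecay() are hypothetical names in a constructed minimal model, and the single-argument getVotingPower(address) signature is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed vote-escrow model (assumption, not RAAC code):
// balanceOf() is static lock accounting, getVotingPower() decays linearly.
contract MockVeToken {
    struct Lock { uint256 amount; uint256 end; }
    uint256 public constant MAX_LOCK = 1460 days; // assumed maximum lock duration
    mapping(address => Lock) public locks;
    mapping(address => uint256) public balanceOf;

    function lock(uint256 amount, uint256 duration) external {
        require(amount > 0 && duration > 0 && duration <= MAX_LOCK, "bad lock");
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
        // Set once at lock time; nothing reduces it as the lock ages.
        balanceOf[msg.sender] = amount * duration / MAX_LOCK;
    }

    // Linear decay: power falls to zero as block.timestamp approaches lock end.
    function getVotingPower(address account) public view returns (uint256) {
        Lock memory l = locks[account];
        if (block.timestamp >= l.end) return 0;
        return l.amount * (l.end - block.timestamp) / MAX_LOCK;
    }
}

contract MockGaugeVoting {
    MockVeToken public immutable ve;
    // gauge => voter => power recorded at vote time
    mapping(address => mapping(address => uint256)) public weightUsed;

    constructor(MockVeToken _ve) { ve = _ve; }

    // Pattern from the finding: the static balance is treated as voting power.
    function voteWithBalance(address gauge) external {
        uint256 power = ve.balanceOf(msg.sender);
        require(power > 0, "no power");
        weightUsed[gauge][msg.sender] = power;
    }

    // Recommended pattern: read the decayed power at vote time.
    function voteWithDecay(address gauge) external {
        uint256 power = ve.getVotingPower(msg.sender);
        require(power > 0, "no power");
        weightUsed[gauge][msg.sender] = power;
    }
}
```

In this model, a voter who locks 1000 tokens for MAX_LOCK and votes halfway through the lock records 1000 through voteWithBalance() but 500 through voteWithDecay(). After the lock ends, voteWithBalance() still accepts the vote at full weight while voteWithDecay() reverts.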

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BaseGauge::_applyBoost, GaugeController::vote, BoostController::calculateBoost use balanceOf() instead of getVotingPower() for vote-escrow tokens, negating time-decay mechanism
