GaugeController#distributeRevenue() does not account for rounding errors in _distributeToGauges()
Summary
The distributeRevenue() function updates the revenueShares[gaugeType] before calling _distributeToGauges(). However, due to integer division rounding errors, some undistributed amount remains.
Vulnerability Details
In distributeRevenue():
revenueShares[gaugeType]adds the full amount (veRAACShare).
_distributeToGauges(gaugeType, veRAACShare)distributes slightly less due to rounding.
Assume amount = 1000, and there are 3 active gauges with equal weights.
_distributeToGauges() has rounding errors:
gaugeShare = (1000 * 3333) / 10000 = 333 // Rounded down per gauge.
3 × 333 = 999 distributed.
1 unit remains undistributed.
This 1-unit difference accumulates over time, making the revenueShares inaccurate.
Impact
Incorrect Accounting: revenueShares[gaugeType] records a higher amount than actually distributed.
Tools Used
manual
Recommendations
Modify distributeRevenue() to only add the actually distributed amount to revenueShares[gaugeType].
Lead Judging Commences
GaugeController's _distributeToGauges function leaves revenue undistributed due to integer division truncation when calculating gauge shares
GaugeController's _distributeToGauges function leaves revenue undistributed due to integer division truncation when calculating gauge shares
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.