Submission Details
Severity:
the _getBaseWeight returns incorrect weight leading to incorrect reward calculations
Summary
The _getBaseWeight returns a fixed weight rather than user weight.
Vulnerability Details
The getBaseWeight returns the the weight for an account
/**
* @notice Gets base weight for an account
* @dev Virtual function to be implemented by child contracts
* @param account Address to get weight for
* @return Base weight value
*/
function _getBaseWeight(address account) internal view virtual returns (uint256) {
return IGaugeController(controller).getGaugeWeight(address(this));
}
This however has been implemented incorrectly, instead of returning the weight of an account (user), it returns a fix value of a gauge weight.
This will lead to an incorrect reward calculation in the earned function when called to update reward.
Impact
Incorrect base wight leads to incorrect reward calculations
Tools Used
Manual review
Recommendations
Return the gauge of an account instead of the gauge weight.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge::earned calculates rewards using getUserWeight instead of staked balances, potentially allowing users to claim rewards by gaining weight without proper reward checkpoint updates
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge::earned calculates rewards using getUserWeight instead of staked balances, potentially allowing users to claim rewards by gaining weight without proper reward checkpoint updates
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.