Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: high
Invalid

`BaseGauge::voteDirections` allows users to vote multiple times, allowing direction manipulation

Summary

The abstract contract BaseGauge is inherited by RAACGauge and RWAGauge, both of which rely on its voting system to adjust emissions and yield respectively. This is core functionality.

Users lock RAAC Tokens to gain voting powers and be able to vote on governance using the ve-mechanism.

Vulnerability Details

The problem is that the voting mechanism is vulnerable to manipulation because it does not check whether the caller has already voted. This allows each address to vote multiple times and manipulate the result in its favor.

```solidity
// Excerpt from BaseGauge as shown in the submission. processVote, userVotes,
// totalVotes and the modifiers are defined elsewhere in the contract.
function voteDirection(uint256 direction) public whenNotPaused updateReward(msg.sender) {
    // direction is expressed in basis points, so anything above 10000 is rejected
    if (direction > 10000) revert InvalidWeight();
    // voting power is the caller's current veRAAC balance
    uint256 votingPower = IERC20(IGaugeController(controller).veRAACToken()).balanceOf(msg.sender);
    if (votingPower == 0) revert NoVotingPower();
    totalVotes = processVote(
        userVotes[msg.sender],
        direction,
        votingPower,
        totalVotes
    );
    emit DirectionVoted(msg.sender, direction, votingPower);
}
```

Impact

The RAACGauge and the RWAGauge are exposed to a form of "governance attack" in which directions are manipulated to serve malicious needs. This discourages users from locking RAAC Tokens, since their voting power can be overpowered by any malicious user who decides to attack by voting multiple times.

Tools Used

Code Review

Recommendations

Implement vote control that limits voting per address or, at least, limits the number of votes per period.
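The following is an added example, not the project's code, illustrating the per-address accounting that the vulnerability description and the recommendation above both point at: each address's previous contribution is removed from the running totals before its new vote is counted, so repeated calls replace rather than stack weight, and a cooldown bounds how often an address may re-vote. The contract name, the `IVotingPower` interface, the weighted-average direction formula, `MAX_DIRECTION` and `VOTE_COOLDOWN` are all assumptions for the sake of the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Minimal direction-vote aggregator
// showing per-address vote accounting: a repeat vote replaces the address's
// previous contribution instead of adding to it.

// Assumed minimal interface for the ve-style voting power token.
interface IVotingPower {
    function balanceOf(address account) external view returns (uint256);
}

contract DirectionVoteExample {
    uint256 public constant MAX_DIRECTION = 10_000; // basis points (assumed)
    uint256 public constant VOTE_COOLDOWN = 1 days;  // assumed per-address rate limit

    struct Vote {
        uint256 direction;  // last direction voted, in basis points
        uint256 weight;     // voting power counted for this address
        uint256 timestamp;  // when the vote was cast; 0 means never voted
    }

    IVotingPower public immutable votingToken;
    mapping(address => Vote) public userVotes;

    uint256 public totalWeight;          // sum of counted voting power
    uint256 public weightedDirectionSum; // sum of direction * weight

    error InvalidWeight();
    error NoVotingPower();
    error VoteTooSoon();

    event DirectionVoted(address indexed user, uint256 direction, uint256 weight);

    constructor(IVotingPower token) {
        votingToken = token;
    }

    function voteDirection(uint256 direction) external {
        if (direction > MAX_DIRECTION) revert InvalidWeight();
        uint256 power = votingToken.balanceOf(msg.sender);
        if (power == 0) revert NoVotingPower();

        Vote storage prev = userVotes[msg.sender];

        // Per-period limit: an address may only re-vote after the cooldown.
        if (prev.timestamp != 0 && block.timestamp < prev.timestamp + VOTE_COOLDOWN) {
            revert VoteTooSoon();
        }

        // Remove the caller's previous contribution, if any, so the new vote
        // replaces it and the caller's influence never exceeds its current power.
        if (prev.weight != 0) {
            totalWeight -= prev.weight;
            weightedDirectionSum -= prev.direction * prev.weight;
        }

        totalWeight += power;
        weightedDirectionSum += direction * power;
        userVotes[msg.sender] = Vote(direction, power, block.timestamp);

        emit DirectionVoted(msg.sender, direction, power);
    }

    // Weight-averaged direction in basis points; 0 when nobody has voted.
    function currentDirection() external view returns (uint256) {
        return totalWeight == 0 ? 0 : weightedDirectionSum / totalWeight;
    }
}
```

With this accounting, calling `voteDirection` twice from the same address leaves `totalWeight` equal to that address's current balance rather than double it; the cooldown is the optional per-period limit and can be dropped if vote changes should be allowed at any time.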

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
