In the vote function of the GaugeController contract, the voting power of a user is calculated by calling veRAACToken.balanceOf(msg.sender). This approach is flawed because a user’s actual voting power may differ from their token balance. The contract should instead use veRAACToken.getVotingPower(msg.sender) to accurately reflect the user’s voting weight.
The relevant code snippet is as follows:
• Incorrect Metric:
Using balanceOf returns the raw token balance, which may not accurately represent a user’s voting power if factors such as lock durations, vesting schedules, or other adjustments are applied.
• Expected Behavior:
The function should retrieve the user’s voting power via a dedicated method (e.g., getVotingPower) that incorporates any relevant adjustments, ensuring that voting and reward distributions are accurately calculated.
• Inaccurate Voting Calculations:
Relying solely on the token balance may lead to incorrect gauge weight updates, which in turn could distort voting outcomes and reward allocations.
• Operational Inconsistencies:
The discrepancy between raw token balance and actual voting power might result in unintended biases or misallocation of voting influence.
Manual
• Use Accurate Voting Power Retrieval:
Replace the call to veRAACToken.balanceOf(msg.sender) with veRAACToken.getVotingPower(msg.sender) to ensure that the user’s effective voting power is correctly considered.
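The flagged pattern beside the recommended one, as an added sketch that is not the RAAC project's code. Only the names balanceOf, getVotingPower, vote-style weighting and veRAACToken's role come from the finding; MockVeToken, GaugeVoteSketch, the linear-decay rule, MAX_LOCK and the basis-point weighting are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical stand-in for the vote-escrow token. The decay rule is assumed.
contract MockVeToken {
    uint256 public constant MAX_LOCK = 4 * 365 days; // assumed maximum lock
    mapping(address => uint256) public balanceOf;    // raw balance, fixed at lock time
    mapping(address => uint256) public lockEnd;

    function lock(uint256 amount, uint256 duration) external {
        require(duration > 0 && duration <= MAX_LOCK, "bad duration");
        balanceOf[msg.sender] = amount;
        lockEnd[msg.sender] = block.timestamp + duration;
    }

    // Effective power shrinks linearly to zero as the lock approaches expiry.
    function getVotingPower(address user) public view returns (uint256) {
        uint256 end = lockEnd[user];
        if (block.timestamp >= end) return 0;
        return (balanceOf[user] * (end - block.timestamp)) / MAX_LOCK;
    }
}

// Hypothetical controller showing both ways of sourcing the voter's weight.
contract GaugeVoteSketch {
    uint256 public constant WEIGHT_PRECISION = 10000; // basis points, assumed
    MockVeToken public immutable ve;
    mapping(address => uint256) public gaugeWeight;
    mapping(address => mapping(address => uint256)) public lastContribution;

    constructor(MockVeToken _ve) { ve = _ve; }

    // Pattern the finding flags: raw balance keeps counting after power has decayed.
    function voteWithBalance(address gauge, uint256 bps) external {
        _apply(gauge, bps, ve.balanceOf(msg.sender));
    }

    // Recommended pattern: weight by effective voting power; zero power cannot vote.
    function voteWithPower(address gauge, uint256 bps) external {
        _apply(gauge, bps, ve.getVotingPower(msg.sender));
    }

    function _apply(address gauge, uint256 bps, uint256 power) internal {
        require(bps <= WEIGHT_PRECISION, "weight too high");
        require(power > 0, "no voting power");
        uint256 contribution = (power * bps) / WEIGHT_PRECISION;
        gaugeWeight[gauge] = gaugeWeight[gauge] - lastContribution[msg.sender][gauge] + contribution;
        lastContribution[msg.sender][gauge] = contribution;
    }
}
```

Under these assumptions, a regression test would lock tokens, advance time past lockEnd, and check that voteWithPower reverts while voteWithBalance still adds the full locked amount to gaugeWeight.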