Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

`getBoostMultiplier` function in BoostController contract will always return MAX_BOOST which is incorrect.

tadev

Summary

getBoostMultiplier function in BoostController contract is defined as follows:

function getBoostMultiplier(address user, address pool) external view override returns (uint256) {
if (!supportedPools[pool]) revert PoolNotSupported();
UserBoost storage userBoost = userBoosts[user][pool];
if (userBoost.amount == 0) return MIN_BOOST;
// Calculate actual boost multiplier in basis points
uint256 baseAmount = userBoost.amount * 10000 / MAX_BOOST;
return userBoost.amount * 10000 / baseAmount;
}

The problem arises because no matter what userBoost.amount value is, this function will always return MAX_BOOST.

Indeed, the computation is userBoost.amount * 10000 / baseAmount which is the same as userBoost.amount * 10000 / userBoost.amount * 10000 / MAX_BOOST which equals MAX_BOOST.

Impact

The impact of this issue can be considered medium as getBoostMultiplier function never returns the correct value.

Tools Used

Manual review.

Recommendations

Make sure to properly implement the logic of getBoostMultiplier function to return the correct boost associated with a user.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!