Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Inconsistent Boost Multiplier Documentation in `BoostController.sol`

0xcryptanu

Summary

MAX_BOOST is said to be 2.5x but allows for up to 5x.

Vulnerability Details

The documentation in the BoostController contract states that the maximum boost multiplier is 2.5x, as indicated by the MAX_BOOST constant set to 25000 basis points. However, the setBoostParameters() function allows setting a maximum boost multiplier up to 5x (50000 basis points). This discrepancy between the documentation and the actual functionality can lead to confusion and potential misuse of the contract.

The inconsistency is found in the following code snippet:

/// @notice Maximum boost multiplier (2.5x) in basis points
uint256 public constant MAX_BOOST = 25000;
function setBoostParameters(
uint256 maxBoost,
uint256 minBoost,
uint256 boostWindow
) external onlyRole(MANAGER_ROLE) {
if (maxBoost < minBoost) revert InvalidBoostAmount();
if (maxBoost > 50000) revert MaxBoostExceeded(); // Max 5x absolute limit
...
}

Impact

Undermines protocol integrity with code-docs Inconsistency.

Tools Used

Manual Review

Recommendations

To resolve this issue, ensure that the documentation accurately reflects the functionality of the contract. If the intention is to allow a maximum boost of 5x, update the documentation to reflect this. Alternatively, if the maximum boost should be limited to 2.5x, adjust the setBoostParameters() function to enforce this limit.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0xcryptanu Submitter
7 months ago
inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!