Boost Multiplier Calculation Issue
Summary
The getBoostMultiplier function in the contract contains a issue where the boost multiplier calculation always returns MAX_BOOST if userBoost.amount > 0 and MIN_BOOST if userBoost.amount > 0 , leading to an incorrect boost determination. This makes it unfair for users that heve much boost amount and ones that have just "1".
Vulnerability Details
Affected Function:
BoostController:getBoostMultiplierIssue:
// Calculate actual boost multiplier in basis pointsuint256 baseAmount = userBoost.amount * 10000 / MAX_BOOST;return userBoost.amount * 10000 / baseAmount;This logic results in a division where
baseAmountcancels outuserBoost.amount * 10000, always returningMAX_BOOSTwhenuserBoost.amount > 0.
Impact
Loss of Intended Functionality: The function does not differentiate boost levels correctly.
Example of the current implementation:
-
Alice (userBoost.amount = 0) → Returns MIN_BOOST (as per function logic)
-
Bob (userBoost.amount = 1) → Returns MAX_BOOST
-
Charlie (userBoost.amount = 10000) → Returns MAX_BOOST
Recommendations
Correct the calculation to reflect the intended scaling
Conclusion
The current implementation of getBoostMultiplier results in all users receiving MAX_BOOST, rendering the function ineffective. Fixing the calculation will restore accurate boost determination and prevent potential manipulation.
Lead Judging Commences
BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.