Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Wrong Implementation in `_updateWeights`

bambooboo

Summary

The _updateWeights function in BaseGauge.sol does not handle the initial period differently from subsequent periods, despite an if-else clause intended to do so. Both branches of the conditional statement execute the same logic, making the distinction redundant and potentially misleading.

Vulnerability Details

In BaseGauge.sol#L185, the _updateWeights function contains an if-else clause that appears to differentiate between the initial period and subsequent periods. However, both branches execute identical logic, as seen in the code snippet below:

function _updateWeights(uint256 newWeight) internal {
uint256 currentTime = block.timestamp;
uint256 duration = getPeriodDuration();
if (weightPeriod.startTime == 0) {
// For initial period, start from next period boundary
uint256 nextPeriodStart = ((currentTime / duration) + 1) * duration;
TimeWeightedAverage.createPeriod(
weightPeriod,
nextPeriodStart,
duration,
newWeight,
WEIGHT_PRECISION
);
} else {
// For subsequent periods, ensure we're creating a future period
uint256 nextPeriodStart = ((currentTime / duration) + 1) * duration;
TimeWeightedAverage.createPeriod(
weightPeriod,
nextPeriodStart,
duration,
newWeight,
WEIGHT_PRECISION
);
}
}

Both the if and else branches compute nextPeriodStart using the same formula and call TimeWeightedAverage.createPeriod with identical parameters. This redundancy suggests either an incorrect implementation or unnecessary complexity.

Impact

  • Code Maintainability: The redundant if-else structure makes the code harder to understand and maintain, as it suggests a distinction that does not actually exist.

  • Potential Logic Error: If different logic is required for the initial period, the current implementation fails to account for it, which could lead to unintended behavior.

  • Gas Inefficiency: The extra condition check adds a minor but unnecessary computational cost to function execution.

Tools Used

Manual code review.

Recommendations

  • If there is no actual difference between the initial and subsequent periods, remove the redundant if-else clause and simplify the function:

function _updateWeights(uint256 newWeight) internal {
uint256 currentTime = block.timestamp;
uint256 duration = getPeriodDuration();
uint256 nextPeriodStart = ((currentTime / duration) + 1) * duration;
TimeWeightedAverage.createPeriod(
weightPeriod,
nextPeriodStart,
duration,
newWeight,
WEIGHT_PRECISION
);
}

  • If the intention was to handle the initial period differently, introduce logic that truly differentiates between the two cases. For example, the initial period might require an immediate start rather than waiting for the next period boundary.

  • Conduct further testing to confirm whether the intended behavior aligns with the actual implementation.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!