Precision Loss in `notifyReward` Function Causes Unclaimable RewardToken
Summary
In the BaseGauge contract the notifyReward function suffers from precision loss when calculating the reward rate, leading to some rewards being locked and unclaimable.
Vulnerability Details
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/BaseGauge.sol#L369-L392
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/BaseGauge.sol#L349-L367
In the BaseGauge contract, there is a precision loss in the notifyReward function when calculating rewardRate, which results in some of the reward funds being locked in the contract and not being available for distribution. This leads to economic loss.
Clearly, the formulas rewardRate = amount / periodDuration; cause precision loss. This results in the final reward amount rewardRate* periodDuration being less than the amount actually passed to the notifyRewardAmount function. Since there is no suitable function to extract this remaining portion of funds, it causes economic loss.
Impact
The precision loss in the BaseGauge contract's notifyReward which calls the external function notifyRewardAmount function results in a portion of the reward funds being locked in the contract and unavailable for distribution
Tools Used
Manual Review
Recommendations
Add an admin function to extract the reward tokens that remain undistributed due to precision loss.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.