Submission Details
Severity:
Anyone can call `GauageController.sol::distributeRewards()` function.
Summary
In GauageController.sol anyone can call distributeRewards() function, increamenting the reward amount of a gauge, the actual behaviour should be, it's only be called by admin.
function distributeRewards(
address gauge
) external override nonReentrant whenNotPaused {
if (!isGauge(gauge)) revert GaugeNotFound();
if (!gauges[gauge].isActive) revert GaugeNotActive();
uint256 reward = _calculateReward(gauge);
if (reward == 0) return;
IGauge(gauge).notifyRewardAmount(reward);
emit RewardDistributed(gauge, msg.sender, reward);
}
Vulnerability Details
Missing access modifier in disitributeRewards() function.
Impact
Guage reward allocation can be arbitraly increase by anyone.
notifyRewardAmount()function in BaseGauge.sol, doesn't implement any check how frequent it should be called.Which means whenever this function is called new reward will be allocated to gauge, without admin consent.
Tools Used
Manual
Recommendations
Implement access modifier in distributeRewards() function.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
GaugeController's distributeRewards lacks time-tracking, allowing attackers to repeatedly distribute full period rewards until hitting emission caps
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
GaugeController's distributeRewards lacks time-tracking, allowing attackers to repeatedly distribute full period rewards until hitting emission caps
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.