Incorrect constructor initialised value for boostState.minBoost causes denial of service in calculate boost if the controller doesn't alter the initial values
Summary
Incorrect boostState.minBoost value is set in the BaseGauge contract constructor.
Vulnerability Details
The docs state that boosState.minBoost should be set to 10000, however, the value is set to 1e18.
It also is clearly incorrect because maxBoost < minBoost, which doesn't make logical sense.
This will cause an underflow error whenever calculateBoost is called (given that the parameters haven't been set to different values by the controller through setBoostParameters.
The underflow error occurs due to the calculation:
Impact
Low
The controller can just alter the initial values through calling setBoostParameters, however, that doesn't mean the issue is non-existent.
Tools Used
Manual review
Recommendations
Set the initial value for minBoost correctly, as per the docs.
Lead Judging Commences
boostState.minBoost is set to 1e18
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.