Incorrect gauge weight update in _updateGaugeWeight
Summary
Incorrect gauge weight update in _updateGaugeWeight
Vulnerability Details
Users can update their vote weight for one gauge. When voters update one gauge's weight, we will decrease this voter's previous voting power weight for this gauge and increase the newly voting power weight for this gauge.
We use the formula like this oldGaugeWeight - (oldWeight * votingPower / WEIGHT_PRECISION) + (newWeight * votingPower / WEIGHT_PRECISION). Here the formula can work based on one assumption. The voter's voting power does not change in these two voting.
If the voter's voting power changes between two voting transaction, the calculation for the previous voting power weight will be incorrect. This will cause that the final gauge's weight's calculation is incorrect.
For example:
Alice locks RAAC to mint veRAAC token, locking period is 1 year.
Alice votes for gauge A via her veRAAC token.
Alice extends veRAAC's locking period to 4 years. The contract will mint more veRAAC token for Alice.
Alice wants to update the gaugeA' vote. The calculation for the step 2's voting power weight is incorrect. This will cause that this gauge will get less weight than expected.
Impact
The calculation for gauge weight update may be incorrect if we extend the lock between two voting transaction.
Tools Used
Manual
Recommendations
Record the voter's last voting power.
Lead Judging Commences
GaugeController::_updateGaugeWeight uses current voting power for both old and new vote calculations, causing underflows when voting power increases and incorrect gauge weights
GaugeController::_updateGaugeWeight uses current voting power for both old and new vote calculations, causing underflows when voting power increases and incorrect gauge weights
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.