Missing Minimum Vote Weight Check in GaugeController::vote Function
Summary
The vote function allows users to allocate their voting power to a specific gauge. However, the function does not enforce a minimum vote weight, even though the contract defines it.
Without a minimum threshold, users can submit votes with an extremely low weight (e.g., 1 unit) which can inflate voter participation metrics, cause unnecessary gas usage, and open the system to vote spam attacks.
Vulnerability Details
The contract defines a minimum vote weight requirement, but does not enforce it in the vote function.
Users can submit votes with extremely low weights (e.g., 1 unit), leading to inefficient gas usage and spamming.
Impact
It allows insignificant votes that do not contribute meaningfully to governance.
Tools Used
Manual Review
Recommendations
Modify the vote function to include a minimum vote weight check using MIN_VOTE_WEIGHT.
Lead Judging Commences
GaugeController::vote lacks minimum weight validation, allowing votes below MIN_VOTE_WEIGHT (1%) despite documentation stating otherwise
GaugeController::vote lacks minimum weight validation, allowing votes below MIN_VOTE_WEIGHT (1%) despite documentation stating otherwise
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.