Submission Details
Severity:
onlyController functions never called in GaugeBase
Vulnerability Details
Some onlyController modifier functions are never called by the GaugeController on BaseGauge.
Impact
To check this just parse in the GaugeController for any call to these function names, there is none. And GaugeController is not upgradeable.
Controller code.
Unability to set the emission rate through:
setEmission()Same with
setInitialWeight()Same with
updatePeriod()Same with
setBoostParameters()
Recommendations
Add a way to call them through the expected GaugeController
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
Appeal created
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
GaugeController::updatePeriod doesn't call the gauge's updatePeriod function, preventing periodState.distributed from resetting and eventually causing distributeRewards to permanently fail
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.