Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Inconsistent Voting Power Checkpoints Due to Lack of Decay Accounting

Summary

The PowerCheckpoint library in the veRAACToken contract stores checkpoints for voting power but only records the initial voting power (bias) at the time of creation. It does not account for the decay of voting power over time, leading to incorrect historical voting power values. This discrepancy affects governance snapshots and proposal voting, as the stored checkpoints do not reflect the actual voting power at a given timestamp.

Vulnerability Details

The issue lies in the writeCheckpoint function within the PowerCheckpoint library.

  • When a checkpoint is written, it stores the current voting power (bias) without considering the decay that occurs over time.

  • The calculatePowerAtTimestamp function in the VotingPowerLib library correctly calculates the decayed voting power, but this logic is not applied when writing checkpoints.

  • As a result, the stored checkpoints represent the initial voting power at the time of creation, rather than the actual voting power at any given timestamp.

function writeCheckpoint(
    CheckpointState storage state,
    address user,
    uint256 newPower
) internal {
    // Reject values that do not fit the compressed uint224 slot.
    if (newPower > type(uint224).max) revert PowerTooHigh();
    uint32 blockNumber = uint32(block.number);
    uint224 compressedPower = Checkpoints.compress(newPower);
    // The checkpoint keeps newPower exactly as passed in, keyed by the current block.
    Checkpoints.Checkpoint memory newCheckpoint = Checkpoints.Checkpoint({
        fromBlock: blockNumber,
        value: compressedPower
    });
    state.userCheckpoints[user].push(newCheckpoint);
    emit CheckpointCreated(user, blockNumber, newPower);
}
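The gap the finding describes between a stored checkpoint and the decayed power at a later snapshot, as an added model that is not code from the submission or from the veRAACToken project. The linear decay rule, the `Lock` fields, the 12-second block time and the "latest checkpoint at or before the block" lookup are assumptions, since the page shows neither the decay formula nor the read path.

```python
# Constructed model for illustration; not the veRAACToken source.
from bisect import bisect_right
from dataclasses import dataclass, field

BLOCK_TIME = 12  # assumed seconds per block


@dataclass
class Lock:
    bias: int   # power when the lock point was written
    slope: int  # power lost per second (assumed linear decay)
    start: int  # timestamp of the lock point


def decayed_power(lock: Lock, t: int) -> int:
    """Assumed decay rule: bias - slope * elapsed, floored at zero."""
    if t < lock.start:
        return 0
    return max(lock.bias - lock.slope * (t - lock.start), 0)


@dataclass
class CheckpointHistory:
    blocks: list = field(default_factory=list)
    values: list = field(default_factory=list)

    def write(self, block: int, power: int) -> None:
        # Like writeCheckpoint above: the value is stored as given.
        self.blocks.append(block)
        self.values.append(power)

    def lookup(self, block: int) -> int:
        # Assumed read path: latest checkpoint at or before `block`.
        i = bisect_right(self.blocks, block)
        return self.values[i - 1] if i else 0


def snapshot_drift(history, lock, start_block, snapshot_block):
    """Return (stored, decayed, drift) for a governance snapshot block."""
    t = lock.start + (snapshot_block - start_block) * BLOCK_TIME
    stored = history.lookup(snapshot_block)
    decayed = decayed_power(lock, t)
    return stored, decayed, stored - decayed


def demo():
    lock = Lock(bias=1_200_000, slope=1, start=0)  # constructed sample
    history = CheckpointHistory()
    history.write(block=1_000, power=lock.bias)
    return snapshot_drift(history, lock, 1_000, 51_000)
```

With the constructed lock, a snapshot taken 50,000 blocks after the checkpoint reads back the full stored value while the modelled decayed power has halved.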

Impact

  • Governance snapshots rely on accurate historical voting power values. If checkpoints do not account for decay, the recorded voting power will be inflated compared to the actual value at the time of the snapshot.

  • This could lead to unfair voting outcomes, as users may appear to have more voting power than they actually possess at the time of a proposal snapshot.

  • Malicious actors might exploit this flaw by manipulating their voting power around the time of a snapshot to gain undue influence over governance decisions.

Tools Used

Recommendations

  • Modify the writeCheckpoint function to store the decayed voting power instead of the initial bias.

  • Use the calculatePowerAtTimestamp function from the VotingPowerLib library to calculate the decayed voting power before storing it in the checkpoint.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
