Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect Boost Calculations Due to Use of Current veToken Balance Instead of Time-Weighted Average

0xbz

Summary

The BoostCalculator library in the veRAACToken contract calculates boosts based on the current veToken balance rather than a time-weighted average. This allows users to manipulate their boosts by timing lock extensions or increases, leading to unfair advantages in reward distribution.

Vulnerability Details

The issue stem from calculateTimeWeightedBoost function in the BoostCalculator library.

The boost calculation relies solely on the current veToken balance (balanceOf(user)) and total supply (totalSupply()), without considering a time-weighted average of the user's voting power over the boost window.
This makes it possible for users to artificially inflate their boost multiplier by strategically extending or increasing their locks just before the boost calculation occurs.

Example Scenario :
- A user with a small lock can temporarily increase their veToken balance by locking additional tokens or extending their lock duration just before the boost calculation occurs.
- This temporary increase inflates their boost multiplier, allowing them to claim disproportionately higher rewards.
Reference:
In vote-escrow systems (e.g., Curve’s veCRV), boosts are often intended to reward long-term commitment. Using current balance allows users to "game" the system by temporarily inflating their veRAAC just before reward calculations, then reducing commitment afterward (though veRAACToken doesn’t allow reducing locks early without emergency mechanisms).
This undermines fairness because users with consistent long-term locks are penalized compared to those who manipulate timing.

Impact

Users can exploit the system by timing their actions to maximize their boost multiplier, leading to unfair reward distribution.
Inaccurate boost calculations could skew governance power, giving disproportionate influence to users who manipulate their locks.

Tools Used

Recommendations

Modify the BoostCalculator library to use a time-weighted average of the user's voting power over the boost window instead of the current balance.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BaseGauge::_applyBoost, GaugeController::vote, BoostController::calculateBoost use balanceOf() instead of getVotingPower() for vote-escrow tokens, negating time-decay mechanism

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.