Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Users can vote more than expected

Summary

Users can vote more than expected

Vulnerability Details

In GaugeController, veRAAC holders vote for gauges using their voting power. For each gauge, a holder chooses a weight between 0 and 10000, and the gauge's weight is then increased by votingPower * weight. One holder can vote for several gauges with different weights. The total weight is 10_000, and holders can choose how to split that total across gauges.

The problem is that a holder's total voting weight can exceed 10_000. vote() does not check the total weight that one voter has allocated across gauges. For example, one holder can vote for several different gauges with a weight of 10_000 each.

    function vote(address gauge, uint256 weight) external override whenNotPaused {
        if (!isGauge(gauge)) revert GaugeNotFound();
        // Bounds only the weight passed for this one gauge.
        if (weight > WEIGHT_PRECISION) revert InvalidWeight();
        uint256 votingPower = veRAACToken.balanceOf(msg.sender);
        if (votingPower == 0) revert NoVotingPower();
        // The caller's weights on other gauges are never summed or checked.
        uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
        userGaugeVotes[msg.sender][gauge] = weight;
        _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
    }

Impact

Voters can allocate more total weight than expected.

Tools Used

Manual

Recommendations

Check the total vote weight for one voter.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

GaugeController::vote lacks total weight tracking, allowing users to allocate 100% of voting power to multiple gauges simultaneously
