Submission Details
Severity:
Incorrect base wight calculation in gauges
Summary
Users can provide liquidity to the guage and in exchange they will receive part of the rewards. The weight a user has in a gauge is determined by the base weight, associated to the staked amount and a boost determined according to the veToken holdings.
The current codebase is not properly calculating calculating the base weight assuming it to be the gauge weight in the controller instead of the user's staked amount:
function _getBaseWeight(
address account
) internal view virtual returns (uint256) {
return IGaugeController(controller).getGaugeWeight(address(this));
}
Vulnerability Details
Impact
Tools Used
Manual review.
Recommendations
Base weight is the staked amount.
Updates
Lead Judging Commences
inallhonesty 6 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
inallhonesty 6 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.