Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrect voting power calculation in `GaugeController::vote` ignores voting power decay

Summary

The GaugeController's voting mechanism miscalculates user voting power by using static token balances instead of time-decayed voting power, enabling users to retain full voting weight indefinitely regardless of lock duration.

Vulnerability Details

When a user wants to change a specific gauge's weight, they call the following function:

```solidity
function vote(
    address gauge,
    uint256 weight
) external override whenNotPaused {
    if (!isGauge(gauge)) revert GaugeNotFound();
    if (weight > WEIGHT_PRECISION) revert InvalidWeight();
    uint256 votingPower = veRAACToken.balanceOf(msg.sender); //@audit this assumes voting power doesn't decay
    if (votingPower == 0) revert NoVotingPower();
    uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
    userGaugeVotes[msg.sender][gauge] = weight;
    _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
    emit WeightUpdated(gauge, oldWeight, weight);
}
```

The veRAACToken contract implements time-decayed voting power through getVotingPower(), but the GaugeController incorrectly uses the static balanceOf() method. This returns the raw token amount without accounting for voting power decay over the lock duration.

This violates the protocol's core governance mechanism where voting power should diminish as locks approach expiration.

Impact

Users can maintain maximum voting power longer than the protocol intends. The protocol intends for votes to decay over the duration of the lock.
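The gap between the two readings can be quantified with a small model. This is an added example, not code from the finding or from the RAAC contracts. It assumes linear decay to zero at lock expiry, a `WEIGHT_PRECISION` of 10,000, and a gauge contribution of `weight * votingPower / WEIGHT_PRECISION`; `Lock` and all function names are hypothetical.

```python
"""Constructed model: gauge weight added by a vote when the controller reads
the static balance versus a time-decayed voting power."""
from dataclasses import dataclass

WEIGHT_PRECISION = 10_000  # assumed basis-point scale; the value is not shown on the page
YEAR = 365 * 24 * 3600

@dataclass(frozen=True)
class Lock:
    minted: int  # ve balance minted at lock time: what balanceOf() keeps returning
    start: int   # lock creation timestamp (seconds)
    end: int     # lock expiry timestamp (seconds)

def balance_of(lock: Lock, now: int) -> int:
    """Static balance: does not depend on `now`."""
    return lock.minted

def decayed_power(lock: Lock, now: int) -> int:
    """Assumed linear decay from `minted` at lock start down to 0 at expiry."""
    if now >= lock.end:
        return 0
    if now <= lock.start:
        return lock.minted
    return lock.minted * (lock.end - now) // (lock.end - lock.start)

def vote_contribution(weight: int, power: int) -> int:
    """Weight a vote adds to a gauge, with vote()'s two checks (assumed formula)."""
    if weight > WEIGHT_PRECISION:
        raise ValueError("InvalidWeight")
    if power == 0:
        raise ValueError("NoVotingPower")
    return weight * power // WEIGHT_PRECISION

def overstatement(lock: Lock, weight: int, now: int) -> int:
    """Excess gauge weight credited when balance_of replaces decayed power."""
    static = vote_contribution(weight, balance_of(lock, now))
    power = decayed_power(lock, now)
    fair = vote_contribution(weight, power) if power else 0  # expired lock: no weight
    return static - fair

if __name__ == "__main__":
    lock = Lock(minted=1_000 * 10**18, start=0, end=4 * YEAR)  # constructed sample lock
    for years in range(5):
        excess = overstatement(lock, WEIGHT_PRECISION, years * YEAR)
        print(f"year {years}: excess gauge weight = {excess // 10**18} tokens")
```

Under these assumptions the excess grows linearly with lock age and equals the whole contribution once the lock has expired, a point at which a controller reading decayed power would revert with `NoVotingPower`.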

Tools Used

Manual review

Recommendations

Replace balanceOf with proper voting power calculation:

```solidity
uint256 votingPower = veRAACToken.getCurrentVotes(msg.sender);
```

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BaseGauge::_applyBoost, GaugeController::vote, BoostController::calculateBoost use balanceOf() instead of getVotingPower() for vote-escrow tokens, negating time-decay mechanism
