Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Unused variable in GaugeController may affect the voting system

Summary

In contracts/core/governance/gauges/GaugeController.sol there are six unused variables related to the vote / rewards system:

/// @notice Required delay between votes
uint256 public constant VOTE_DELAY = 10 days;
/// @notice Minimum allowed vote delay
uint256 public constant MIN_VOTE_DELAY = 1 days;
/// @notice Maximum allowed vote delay
uint256 public constant MAX_VOTE_DELAY = 10 days;
/// @notice Minimum vote weight allowed
uint256 public constant MIN_VOTE_WEIGHT = 100; // 1% minimum vote
/**
* @notice Type weights and periods
* @dev Tracking for gauge type weights and their time periods
* typeWeights: Weight multipliers for each gauge type
* typePeriods: Period data for each gauge type
*/
mapping(GaugeType => uint256) public typeWeights;
mapping(GaugeType => Period) public typePeriods;

Vulnerability Details

Based on the comments and the documentation, the vote function is missing the vote-delay check, the minimum-weight check and any use of the gauge type weights:

/**
 * @notice Core voting functionality for gauge weights
 * @dev Updates gauge weights based on user's veToken balance
 * @param gauge Address of gauge to vote for
 * @param weight New weight value in basis points (0-10000)
 */
function vote(address gauge, uint256 weight) external override whenNotPaused {
    if (!isGauge(gauge)) revert GaugeNotFound();
    if (weight > WEIGHT_PRECISION) revert InvalidWeight();
    uint256 votingPower = veRAACToken.balanceOf(msg.sender);
    if (votingPower == 0) revert NoVotingPower();
    uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
    userGaugeVotes[msg.sender][gauge] = weight;
    _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
    emit WeightUpdated(gauge, oldWeight, weight);
}

Impact

Because the vote function performs none of the checks above, an attacker can vote again without waiting the 1-day minimum (or the 10-day VOTE_DELAY) and can submit any non-zero weight, including one below MIN_VOTE_WEIGHT.

This can skew gauge weights and, through them, the rewards distribution logic.

Tools Used

Manual review

Recommendations

Add checks to the vote function so that the cooldown period is enforced and any non-zero weight is at least MIN_VOTE_WEIGHT:

// inside vote(), after the WEIGHT_PRECISION check
if (weight > 0 && weight < MIN_VOTE_WEIGHT) revert WeightBelowMinimum();
if (block.timestamp < lastVoteTime[msg.sender] + VOTE_DELAY) revert VoteTooFrequent();
lastVoteTime[msg.sender] = block.timestamp;
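
A fuller version of the recommended fix, as an added example rather than the project's code: it assumes the names used in the report (WEIGHT_PRECISION, userGaugeVotes, lastVoteTime, veRAACToken) and the custom errors WeightBelowMinimum and VoteTooFrequent, and drops the whenNotPaused modifier and the interface override for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal veToken view needed by vote(); the real veRAACToken exposes balanceOf.
interface IVeToken {
    function balanceOf(address account) external view returns (uint256);
}
/// Hardened vote() carrying the report's recommendation; the concrete
/// controller supplies the gauge registry and the weight accounting.
abstract contract GaugeControllerVoteFix {
    uint256 public constant WEIGHT_PRECISION = 10000; // 100% in basis points
    uint256 public constant VOTE_DELAY = 10 days;     // required gap between votes
    uint256 public constant MIN_VOTE_WEIGHT = 100;    // 1% minimum non-zero vote

    IVeToken public veRAACToken; // set by the concrete controller
    mapping(address => mapping(address => uint256)) public userGaugeVotes;
    mapping(address => uint256) public lastVoteTime;  // per-voter cooldown anchor

    error GaugeNotFound();
    error InvalidWeight();
    error WeightBelowMinimum();
    error VoteTooFrequent();
    error NoVotingPower();

    event WeightUpdated(address indexed gauge, uint256 oldWeight, uint256 newWeight);

    function isGauge(address gauge) public view virtual returns (bool);
    function _updateGaugeWeight(
        address gauge, uint256 oldWeight, uint256 newWeight, uint256 votingPower
    ) internal virtual;

    function vote(address gauge, uint256 weight) external virtual {
        if (!isGauge(gauge)) revert GaugeNotFound();
        if (weight > WEIGHT_PRECISION) revert InvalidWeight();
        // weight == 0 withdraws the vote, so only non-zero votes face the floor
        if (weight > 0 && weight < MIN_VOTE_WEIGHT) revert WeightBelowMinimum();
        // first vote passes (lastVoteTime is 0); later votes wait VOTE_DELAY
        if (block.timestamp < lastVoteTime[msg.sender] + VOTE_DELAY) revert VoteTooFrequent();
        uint256 votingPower = veRAACToken.balanceOf(msg.sender);
        if (votingPower == 0) revert NoVotingPower();

        // record the vote time before touching gauge weights (checks, then effects)
        lastVoteTime[msg.sender] = block.timestamp;
        uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
        userGaugeVotes[msg.sender][gauge] = weight;
        _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
        emit WeightUpdated(gauge, oldWeight, weight);
    }
}
```

Keying the cooldown on msg.sender alone, as the report suggests, also blocks a second vote on a different gauge for the full VOTE_DELAY; key lastVoteTime per (voter, gauge) if independent per-gauge votes are intended.
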
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

GaugeController::vote never enforces VOTE_DELAY or updates lastVoteTime, allowing users to spam votes and manipulate gauge weights without waiting

GaugeController::vote lacks minimum weight validation, allowing votes below MIN_VOTE_WEIGHT (1%) despite documentation stating otherwise
