Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Lack of Validation on Boost Parameters

kalii

Summary

The setBoostParameters function allows the controller to set boost parameters (maxBoost, minBoost, and boostWindow) without any checks or validation on the input values.

Vulnerability Details

The absence of input validation in setBoostParameters means there is no safeguard to prevent the assignment of values that could distort the boost calculation.

Impact

Without proper validation, the boost parameters can be set to extreme values. For example, setting maxBoost to an extraordinarily high value could lead to reward distributions that are far beyond intended levels, destabilizing the incentive system and potentially diluting rewards for other participants.

Recommendations

Add validation checks within setBoostParameters to enforce reasonable limits for each parameter. For example:

require(_maxBoost >= boostState.minBoost && _maxBoost <= `max boost limit `, "Invalid max boost");
require(_minBoost >= 1e18 && _minBoost <= min boost limit, "Invalid min boost");
require(_boostWindow >= boost window && _boostWindow <= boost window, "Invalid boost window");
These checks ensure that boost parameters remain within safe and intended bounds.
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.