Core Contracts

Because the RAAC code never cross-checks or subtracts a user’s veRAAC used for governance from the gauge weighting or vice versa, the user can simultaneously apply the same entire veRAAC stake to both. This fosters double counting of locked tokens, letting large holders overshadow smaller participants in multiple directions. Implementing a partition or “one usage at a time” logic (or at least clarifying the expected behavior) is crucial to maintain fairness and align with typical DeFi norms where governance power used in gauge weighting cannot also be used for direct voting.

Overview

1. veRAACToken is the “vote-escrowed RAAC” used in:

   • Governance: The user’s getVotingPower(...) determines how many votes they cast on proposals in the Governance contract.

   • Gauge Weighting: The user’s veRAAC balance also influences gauge weighting (via GaugeController or direct calls in the gauge system).

2. No Deduction or Partition

   • In many protocols (e.g., Curve or Balancer’s voting escrow), once you stake your veTokens in “gauge weighting,” you either have less or zero left for general governance voting. The user must choose how to allocate their vePower.

   • In the RAAC code, the user can fully use veRAAC to vote in a governance proposal while also employing the same entire veRAAC to boost a gauge or cast gauge weights. No code or state references “deducting” or “splitting” the user’s balance across governance vs. gauge weighting.

3. Result: The user wields the same locked RAAC tokens for multiple separate influences:

   • 100% in governance proposals (like “proposalThreshold / quorum”),

   • and 100% for gauge weighting, awarding them (or a favored gauge) a large share of rewards or emissions distribution.

Impact

• Exaggerated Influence: A single user’s locked RAAC can shape governance votes (e.g., passing crucial proposals) while simultaneously controlling a disproportionate share in gauge weighting or reward distribution, effectively doubling the user’s real stake.

• Inconsistent with Typical “Trade-Off”: Commonly, protocols force a user to choose whether to use their veTokens for direct governance or for yield/gauge weighting. RAAC’s code omits that trade-off, allowing them to do both fully.

• Distorted Protocol Control: An attacker or large holder can accumulate veRAAC and then manipulate both governance outcomes and gauge emissions with the exact same tokens, overshadowing smaller participants.

Attack / PoC Scenario

1. User Gains veRAAC:

   • The user locks a large amount of RAAC, receiving 1 million veRAAC.

2. Governance Vote:

   • The user uses all 1 million veRAAC to surpass the proposal threshold or cast a huge “for” vote on a new proposal.

   • Because the code references veToken.getVotingPower(msg.sender), it sees the full 1 million tokens.

3. Gauge Weight:

   • In parallel, the user calls gaugeController.vote(gaugeA, 10000), effectively telling the system to allocate maximum weighting to a certain gauge. The user’s veRAAC is again counted fully in the gauge weighting logic, as no synergy code marks some portion as “used up” in governance.

Result: The same 1 million veRAAC is fully used in two distinct power contexts at once, doubling the user’s overall protocol influence.

Recommendation

1. Implement a “One Usage at a Time” Approach

   • Once a user invests their veRAAC in gauge weighting, reduce their governance vote power by that same portion. For instance, maintain a “gaugeAllocationBalance” sub-balance.

   • If the user wants to cast a governance vote using 1 million veRAAC, they must remove or reduce gauge weighting.

2. Partition or Weighted Approach

   • If partial usage is allowed, let the user specify how to split their veRAAC between governance and gauge weighting (e.g., 60% for governance, 40% for gauge). The code must track and ensure each portion sums to at most the user’s total.

3. Document If “Double Counting” Is Intentional

   • If the protocol is designed to let users fully participate in both governance and gauge weighting with the same tokens, clarify that in docs. Acknowledge it effectively doubles the user’s influence. Typically, that design is unusual in DeFi.