Incorrect Base Weight Retrieval in `_getBaseWeight` Function
Summary
The _getBaseWeight function claims to return the base weight for an account but instead retrieves the base weight for the contract itself (address(this)).
Vulnerability Details
The function is defined as:
Here, the function takes an account parameter but does not use it. Instead, it calls getGaugeWeight with address(this), which retrieves the base weight for the contract rather than for the specified account.
Impact
Any logic that depends on _getBaseWeight(account) for account-specific calculations will be incorrect, potentially leading to miscalculations in staking rewards, voting power, or other weight-based operations.
Tools Used
Manual Code Review
Recommendations
If the intention is to fetch the base weight for a specific account, the function should pass
accountto thegetGaugeWeightfunction, assuming the external contract supports per-account weight retrieval.If the function is only meant to retrieve the gauge weight for the contract itself, the misleading
accountparameter should be removed to avoid confusion.
Lead Judging Commences
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.