Missing Gauge Activity Check in `vote` Function
Summary
The vote function in the contract allows users to allocate their voting power to a specific gauge. However, there is no check to ensure that the gauge is active before allowing a vote. This could lead to votes being cast on inactive or deprecated gauges.
Vulnerability Details
The function vote(address gauge, uint256 weight) currently verifies:
If the gauge exists (
isGauge(gauge)).If the weight is within valid bounds (
weight > WEIGHT_PRECISION).If the user has sufficient voting power (
veRAACToken.balanceOf(msg.sender) > 0).
However, it does not check whether the gauge is currently active. This omission could result in users unintentionally allocating voting power to a non-functional gauge, leading to governance inefficiencies or manipulation.
Impact
Users may vote for gauges that are no longer eligible for voting.
Inactive gauges may still receive weight, reducing the effectiveness of governance decisions.
Potential risk of malicious actors directing votes toward gauges that should not be used.
Tools Used
Manual code review
Recommendations
-
Introduce a
isGaugeActive(gauge)function to verify that the gauge is currently active. -
Modify the
votefunction to include an additional check:if (!isGaugeActive(gauge)) revert GaugeInactive();
Lead Judging Commences
GaugeController::vote allows users to waste voting power on inactive gauges that don't receive rewards
GaugeController::vote allows users to waste voting power on inactive gauges that don't receive rewards
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.