Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Inconsistent behavior between the _calculateBoost and calculateBoost functions

biakia

Summary

The _calculateBoost and calculateBoost functions in the BoostController contract exhibit inconsistent behavior regarding boundary handling for the calculated boostedAmount. While _calculateBoost enforces boundaries to ensure the boostedAmount does not exceed the maximum allowed boost (MAX_BOOST), calculateBoost does not perform any such boundary checks. This inconsistency could lead to unexpected behavior and potential vulnerabilities in the contract's boost calculation logic.

Vulnerability Details

The _calculateBoost function includes boundary checks to ensure the boostedAmount does not exceed the maximum allowed boost (MAX_BOOST) or fall below the base amount:

if (boostedAmount < amount) {
return amount;
}
uint256 maxBoostAmount = amount * MAX_BOOST / 10000;
if (boostedAmount > maxBoostAmount) {
return maxBoostAmount;
}
return boostedAmount;

However, the calculateBoost function does not include any boundary checks for the boostedAmount:

return BoostCalculator.calculateTimeWeightedBoost(
params,
userVotingPower,
totalVotingPower,
amount
);

Impact

  • Inconsistent Behavior: The _calculateBoost function ensures that the boostedAmount is within valid bounds, while calculateBoost does not. This inconsistency could lead to unexpected results when the two functions are used in different contexts.

  • Potential Overflow/Underflow: Without boundary checks, calculateBoost could return a boostedAmount that exceeds the maximum allowed boost or falls below the base amount, potentially causing issues in downstream logic.

  • Security Risks: If calculateBoost is used in critical calculations (e.g., reward distribution or voting power), the lack of boundary checks could lead to exploits or unintended behavior.

The impact is Low because the calculateBoost is not used in current repo, the likelihood is High, so the severity is Low.

Tools Used

Manual Review

Recommendations

To ensure consistency and prevent potential issues, the calculateBoost function should include the same boundary checks as _calculateBoost. Here is the updated code:

function calculateBoost(
address user,
address pool,
uint256 amount
) external view override returns (uint256 boostBasisPoints, uint256 boostedAmount) {
if (!supportedPools[pool]) revert UnsupportedPool();
// Get current weights without modifying state
(uint256 totalWeight, uint256 totalVotingPower, uint256 votingPower) = updateTotalWeight();
uint256 userVotingPower = veToken.getVotingPower(user, block.timestamp);
// Create parameters struct for calculation
BoostCalculator.BoostParameters memory params = BoostCalculator.BoostParameters({
maxBoost: boostState.maxBoost,
minBoost: boostState.minBoost,
boostWindow: boostState.boostWindow,
totalWeight: totalWeight,
totalVotingPower: totalVotingPower,
votingPower: votingPower
});
(boostBasisPoints, boostedAmount) = BoostCalculator.calculateTimeWeightedBoost(
params,
userVotingPower,
totalVotingPower,
amount
);
// Apply boundary checks to ensure boostedAmount is within valid range
if (boostedAmount < amount) {
boostedAmount = amount;
}
uint256 maxBoostAmount = amount * MAX_BOOST / 10000;
if (boostedAmount > maxBoostAmount) {
boostedAmount = maxBoostAmount;
}
return (boostBasisPoints, boostedAmount);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.