Core Contracts

Summary

The _getBaseWeight function is intended to return the base weight for a specific account. However, instead of using the provided account parameter, it erroneously retrieves the gauge weight for the contract itself (address(this)). This leads to incorrect weight calculations and, consequently, inaccurate reward distributions.

Vulnerability Details

• Affected Function:

  function _getBaseWeight(address account) internal view virtual returns (uint256) {

  return IGaugeController(controller).getGaugeWeight(address(this));

  //@audit-issue this was supposed to get weight if the account but it is doing address(this)

  }

  ​

• Issue:
  The function always returns the gauge weight of the contract (address(this)) instead of the weight associated with the specified account.

• Expected Behavior:
  The function should call:

  return IGaugeController(controller).getGaugeWeight(account);

  ​

  This would correctly retrieve the base weight for the given account.

Impact

• Incorrect Reward Distribution:
  Inaccurate base weight calculations may lead to rewards being distributed improperly, affecting both user incentives and the overall integrity of the reward system.

• System Misbehavior:
  Any mechanisms or decisions dependent on accurate user weight (e.g., vote weight, boost calculations) will be compromised, potentially leading to broader protocol issues.

Tools Used

• Manual Code Review

Recommendations

1. Correct the Implementation:
   Replace address(this) with the account parameter in the _getBaseWeight function. The updated function should be:

   function _getBaseWeight(address account) internal view virtual returns (uint256) {

   return IGaugeController(controller).getGaugeWeight(account);

   }

   ​