Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrect Update of Pool Working Supply

Summary

The `updateUserBoost()` function in `BoostController.sol` directly sets the pool’s working supply to the new boost value (`poolBoost.workingSupply = newBoost`), regardless of the pool's current status. This approach resets the working supply rather than incrementing it, potentially causing inaccuracies in the pool’s overall boost metrics.

Vulnerability Details

After recalculating a user's boost, the function updates the pool's total boost and then sets the working supply with:
```solidity
poolBoost.workingSupply = newBoost; // Set working supply directly to new boost
```
This line unconditionally assigns `newBoost` to `poolBoost.workingSupply`, disregarding previous contributions from other users in the pool. Ideally, the working supply should reflect cumulative boost changes rather than being reset each time a user's boost is updated.

Proof of Concept

Imagine a pool with several users contributing boosts. When one user updates their boost, the pool’s working supply is reset to that user’s new boost value rather than being incremented or adjusted cumulatively. Over time, the working supply may fluctuate erratically and fail to reflect the sum of boosts from all participants, leading to erroneous reward calculations and potential disputes.

Impact

- Inaccurate Pool Metrics: The pool’s working supply may not accurately represent the aggregate boost across all users, leading to incorrect calculations in downstream processes.
- Disruption of Reward Distribution: As pool working supply is often used to determine reward shares or fee distributions, resetting it with each update may result in misallocation of rewards.
- Systemic Trust Issues: Inconsistent or unexpected pool metrics can undermine trust in the protocol’s economic model and governance.

Tools Used

Manual Review

Recommendations

- Incremental Update: Modify the logic so that the pool’s working supply is updated incrementally based on the change in a user's boost rather than being reset to the new boost value. For instance:

```solidity
if (newBoost >= oldBoost) {
    poolBoost.workingSupply += (newBoost - oldBoost);
} else {
    poolBoost.workingSupply -= (oldBoost - newBoost);
}
```

- Review Overall Pool Accounting: Ensure that the approach to updating both `totalBoost` and `workingSupply` correctly aggregates individual boosts to reflect the true state of the pool.
- Implement Comprehensive Testing: Create unit tests simulating multiple boost updates from different users to verify that the pool’s working supply accurately reflects the cumulative boost over time.

By addressing these recommendations, the protocol can ensure that both user and pool boost calculations are accurate and reflective of actual participation, thereby preserving fairness in reward and fee distribution.

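
The multi-user test recommended above, sketched as an added example (not code from the submission or the protocol). It is a simplified off-chain JavaScript model: `makePool`, `replay`, the user names and the boost values are assumptions. It replays a constructed update sequence and checks after every update that `workingSupply` equals the sum of all user boosts, for both the overwrite behaviour and the delta update.

```javascript
// Simplified model of the pool accounting (an assumption, not the project's
// contract): one boost value per user, BigInt standing in for uint256.
function makePool(mode) {
  const userBoost = new Map(); // user -> current boost
  let workingSupply = 0n;

  function updateUserBoost(user, newBoost) {
    const oldBoost = userBoost.get(user) ?? 0n;
    userBoost.set(user, newBoost);
    if (mode === "overwrite") {
      // Behaviour described in the finding: the last updater's value wins.
      workingSupply = newBoost;
    } else if (newBoost >= oldBoost) {
      // Recommended delta update, increase case.
      workingSupply += newBoost - oldBoost;
    } else {
      // Recommended delta update, decrease case.
      workingSupply -= oldBoost - newBoost;
    }
  }

  // Ground truth the pool value must match after every update.
  function sumOfBoosts() {
    let sum = 0n;
    for (const b of userBoost.values()) sum += b;
    return sum;
  }

  return { updateUserBoost, sumOfBoosts, workingSupply: () => workingSupply };
}

// Constructed sequence: three users, ending with a decrease by the first one.
const UPDATES = [["alice", 15000n], ["bob", 12000n], ["carol", 20000n], ["alice", 10000n]];

// Replays the sequence and records each step where the invariant
// workingSupply == sum(user boosts) is violated.
function replay(mode) {
  const pool = makePool(mode);
  const violations = [];
  UPDATES.forEach(([user, boost], step) => {
    pool.updateUserBoost(user, boost);
    if (pool.workingSupply() !== pool.sumOfBoosts()) violations.push(step);
  });
  return { violations, workingSupply: pool.workingSupply(), expected: pool.sumOfBoosts() };
}
```

In the overwrite mode the invariant breaks as soon as a second user updates, which is the condition a Hardhat test against the real contract should assert on.
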
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController::updateUserBoost overwrites workingSupply with single user's boost value instead of accumulating, breaking reward multipliers and allowing last updater to capture all benefits
