Slope can round down allowing a voting power forever
Summary
Slope can round down allowing a voting power forever
Vulnerability Details
One of the main ideas behind a voting contract is the fact that the voting power decays to 0 overtime. We have this piece of code to calculate the bias and slope of a lock:
The issue is that the slope can round down which is the amount of bias/power lost each second. Let's imagine some simple numbers:
duration= 11 (note that there are no limitations on the duration/unlock time of a lock)bias= 109slope= 109 / 11 = 9, rounded down
Now, in 12 seconds, the bias would be 109 - (12 * 9) = 1. That means that after the lock is over, the user will still have voting power, forever.
Impact
Voting power forever, completely breaks the idea behind voting contract.
Tools Used
Manual Review
Recommendations
Do not allow such round downs
Lead Judging Commences
VotingPowerLib::calculateAndUpdatePower results in zero slope for small amounts (<MAX_LOCK_DURATION), creating non-decaying voting power that violates linear decay mechanism
VotingPowerLib::calculateAndUpdatePower results in zero slope for small amounts (<MAX_LOCK_DURATION), creating non-decaying voting power that violates linear decay mechanism
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.