Incorrect Boost Application Due to Fixed Base Amount
Summary
The _calculateBoost function incorrectly applies the boost multiplier to a fixed amount (10000) instead of the user's actual stake. While the boost multiplier is correctly determined based on the user's veToken balance, the boosted amount is always derived from this fixed value, leading to inaccurate reward calculations.
Vulnerability Details
In the updateUserBoost function, the new boost is determined using:
This calls _calculateBoost, which calculates the boost multiplier correctly but applies it to a hardcoded 10000 instead of the user's actual balance.
Within calculateTimeWeightedBoost:
Since amount is always 10000, the boosted amount is effectively just boostBasisPoints, rather than being proportional to the user's actual stake. This means the boost is not properly scaled to individual user balances.
Impact
The boost multiplier is correctly calculated but does not apply to the user's real stake, leading to miscalculated rewards.
Users with larger veToken balances do not receive appropriately scaled boosts, while smaller holders get disproportionate boosts.
The intended mechanics of the boost system are compromised, leading to unfair reward distribution.
Tools Used
Manual Review
Recommendations
Modify
_calculateBoostto use the user's actual stake instead of10000.Ensure
calculateTimeWeightedBoostapplies the boost multiplier to the user's real balance.
Lead Judging Commences
BoostController::updateUserBoost uses hardcoded 10000 base amount, storing basis points instead of actual boosted amount
BoostController::updateUserBoost uses hardcoded 10000 base amount, storing basis points instead of actual boosted amount
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.