Incorrect Boost Multiplier Calculation in getBoostMultiplier
Summary
The function getBoostMultiplier incorrectly calculates the boost multiplier due to a flawed formula. Instead of properly determining the multiplier based on the user’s veToken balance, it incorrectly derives a value that does not correctly reflect the intended boost mechanics.
Vulnerability Details
In getBoostMultiplier, the boost multiplier is computed as:
The
baseAmountcalculation incorrectly scalesuserBoost.amount, but the final division essentially cancels out the intended effect, returning an incorrect boost value.If
userBoost.amount == MAX_BOOST, thenbaseAmount = 10000, making the function returnuserBoost.amount, which is not a valid multiplier in basis points.
By contrast, the correct boost calculation is seen in calculateBoost:
This correctly computes the boost based on the user's veToken balance relative to the total supply.
Impact
The incorrect calculation could lead to misrepresented boost values, potentially allowing incorrect reward distributions or unintended behavior in the system.
Tools Used
Manual Review
Recommendations
Update
getBoostMultiplierto use a calculation similar tocalculateBoost, ensuring that the boost is based on the user’s veToken balance relative to total veToken supply.
Lead Judging Commences
BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.