Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Potential DOS Attack via `voteDirection()` Leading to Governance Disruption

daniel526

The voteDirection() function allows users to cast votes that influence the gauge's reward distribution. However, there is no restriction on how frequently a user can change their vote, leading to a Denial-of-Service (DoS) attack where a malicious user spams votes to congest storage updates and increase gas costs, making it impractical for other users to participate.

Relevant code:

function voteDirection(uint256 direction) public whenNotPaused updateReward(msg.sender) {
if (direction > 10000) revert InvalidWeight();
uint256 votingPower = IERC20(IGaugeController(controller).veRAACToken()).balanceOf(msg.sender);
if (votingPower == 0) revert NoVotingPower();
totalVotes = processVote(userVotes[msg.sender], direction, votingPower, totalVotes);
emit DirectionVoted(msg.sender, direction, votingPower);
}

Exploit scenario:

  1. A malicious user continuously calls voteDirection() with slightly different values (e.g., alternating between 5000 and 5001).

  2. Each call triggers processVote(), modifying totalVotes and updating userVotes[msg.sender].

  3. Since there is no cooldown or gas-efficient structuring, each vote forces expensive storage writes, congesting the network and making voting costly for other users.

  4. Legitimate users are either priced out due to high gas costs or face reverted transactions due to excessive state changes.

Impact:

A single malicious user can disrupt governance by inflating gas costs, making it impractical for others to vote.

Mitigation:

Implement a cooldown period (e.g., 24 hours) per user to prevent rapid, repeated voting.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.