Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: medium
Valid

Incorrect Reward Balance Check in NotifyRewardAmount

Summary

The notifyRewardAmount function in BaseGauge contract updates reward accounting and distribution state without requiring actual token transfer into the contract.

Vulnerability Details

```solidity
function notifyRewardAmount(uint256 amount) external override onlyController updateReward(address(0)) {
    // ...
    uint256 balance = rewardToken.balanceOf(address(this));
    if (rewardRate * getPeriodDuration() > balance) { // @audit Incomplete check
        revert InsufficientRewardBalance();
    }
    // ...
}
```

The [rewardRate](https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/BaseGauge.sol#L388) is calculated as `amount / periodDuration`. This means `rewardRate * getPeriodDuration()` does not have to exceed `balance` for the allocation to be unsafe: the balance also contains rewards from previous periods that were earned but not yet claimed, so the check can pass even though those tokens are already owed to stakers.

Impact

The contract might revert upon receiving rewards due to the incorrect check.

Tools Used

Manual Review

Recommendations

The rewardRate calculation should take the total unclaimed rewards into consideration.
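The following Python model is an added example for this report, not code from the RAAC project. It reduces a Synthetix-style gauge to the pieces the finding discusses: a reward rate of `amount / periodDuration`, a balance check against `rewardRate * periodDuration`, and a bucket of rewards that stakers have already earned but not claimed. The `Gauge` class, `PERIOD = 7`, the `unclaimed` counter and the scenario numbers are all constructed assumptions; the `account_for_unclaimed` flag switches between the check as shown above and a hardened check that subtracts outstanding rewards from the balance first, which is one way to implement the recommendation.

```python
"""Toy model of a gauge's notifyRewardAmount balance check.

Constructed example (not the RAAC project's code). It keeps only what the
finding needs: rewardRate = amount / periodDuration, a balance check, and a
bucket of rewards stakers have earned but not yet claimed. The hardened
variant subtracts that bucket from the balance before comparing.
"""
from dataclasses import dataclass

PERIOD = 7  # hypothetical period duration; 7 "days" keeps the arithmetic readable


class InsufficientRewardBalance(Exception):
    """Mirrors the custom error the gauge reverts with."""


@dataclass
class Gauge:
    account_for_unclaimed: bool  # False = check as on the page, True = hardened check
    balance: int = 0             # reward tokens actually held by the gauge
    reward_rate: int = 0         # tokens streamed to stakers per unit of time
    period_finish: int = 0
    last_update: int = 0
    unclaimed: int = 0           # rewards already earned by stakers, still sitting in the gauge

    def receive_tokens(self, amount: int) -> None:
        """Reward tokens transferred into the gauge (the step the check is meant to enforce)."""
        self.balance += amount

    def _accrue(self, now: int) -> None:
        """Move rewards streamed since last_update into the unclaimed bucket."""
        until = min(now, self.period_finish)
        if until > self.last_update:
            self.unclaimed += (until - self.last_update) * self.reward_rate
            self.last_update = until

    def claim(self, now: int, amount: int) -> None:
        """A staker withdraws earned rewards; both the bucket and the balance shrink."""
        self._accrue(now)
        if amount > self.unclaimed:
            raise ValueError("claiming more than earned")
        self.unclaimed -= amount
        self.balance -= amount

    def notify_reward_amount(self, amount: int, now: int) -> None:
        """Start a new period. rewardRate = amount / PERIOD, as the report describes."""
        self._accrue(now)
        rate = amount // PERIOD
        required = rate * PERIOD
        if self.account_for_unclaimed:
            # hardened: only tokens not already owed to stakers may back the new period
            available = self.balance - self.unclaimed
        else:
            # as on the page: the raw token balance, which includes unclaimed rewards
            available = self.balance
        if required > available:
            raise InsufficientRewardBalance(f"need {required}, available {available}")
        self.reward_rate = rate
        self.period_finish = now + PERIOD
        self.last_update = now

    def owed(self, now: int) -> int:
        """Everything the gauge has promised: unclaimed plus what the current period will still stream."""
        self._accrue(now)
        remaining = max(self.period_finish - now, 0)
        return self.unclaimed + remaining * self.reward_rate


def replay_second_period(account_for_unclaimed: bool, tokens_sent: int, claimed: int = 0) -> dict:
    """Period 1 is funded correctly with 700 tokens. At the start of period 2 the controller
    notifies another 700 but only `tokens_sent` tokens actually arrive; stakers have
    claimed `claimed` of their period-1 rewards by then (constructed scenario)."""
    g = Gauge(account_for_unclaimed)
    g.receive_tokens(700)
    g.notify_reward_amount(700, now=0)          # period 1: rate 100 per day
    if claimed:
        g.claim(PERIOD, claimed)
    g.receive_tokens(tokens_sent)
    try:
        g.notify_reward_amount(700, now=PERIOD)  # period 2
        reverted = False
    except InsufficientRewardBalance:
        reverted = True
    owed = g.owed(PERIOD)
    return {"reverted": reverted, "balance": g.balance, "owed": owed,
            "shortfall": max(owed - g.balance, 0)}


if __name__ == "__main__":
    print("page check, nothing sent:   ", replay_second_period(False, 0))
    print("hardened, nothing sent:     ", replay_second_period(True, 0))
    print("hardened, 700 sent:         ", replay_second_period(True, 700))
    print("hardened, 700 sent, 300 claimed:", replay_second_period(True, 700, claimed=300))
```

With the check as shown on the page, the second `notify_reward_amount` passes even though no new tokens arrived, because the 700 unclaimed tokens from period 1 still sit in the balance; the gauge then owes 1400 against 700 held. The hardened variant reverts in that case and still accepts a correctly funded second period, including when some rewards have already been claimed.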

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BaseGauge::notifyRewardAmount checks token balance without accounting for unclaimed rewards, allowing allocation of more rewards than available tokens
