Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
Submission Details
Severity: medium
Valid

Unrestricted Access to Rewards Distribution

Summary

The distributeRewards function in the GaugeController contract can be called by any address at any time. Since _calculateReward returns the same value on every call, an attacker can call the function repeatedly and notify the gauge with multiple fake rewards.

Vulnerability Details

```solidity
function distributeRewards(
    address gauge
) external override nonReentrant whenNotPaused {
    if (!isGauge(gauge)) revert GaugeNotFound();
    if (!gauges[gauge].isActive) revert GaugeNotActive();
    uint256 reward = _calculateReward(gauge);
    if (reward == 0) return;
    IGauge(gauge).notifyRewardAmount(reward);
    emit RewardDistributed(gauge, msg.sender, reward);
}
```

The issues:

No access control on who can call the function
No cooldown between distributions
Anyone can trigger reward distributions at any time
Multiple calls in the same block are possible

Impact

Inflated reward accounting for gauges, which can break the rewarding system.

Tools Used

Manual Review

Recommendations

Add access control and distribution timing constraints.
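The recommendation made concrete, as an added example that is not the project's code: a distributor role gates the caller and a per-gauge timestamp gates how often a gauge can be notified, so a second call in the same block or period reverts. DISTRIBUTOR_ROLE, distributionInterval, lastDistributed, the virtual hooks and the OpenZeppelin v5 import paths are assumptions; whenNotPaused is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. DISTRIBUTOR_ROLE, distributionInterval,
// lastDistributed and the virtual hooks are assumed names for illustration.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

interface IGauge {
    function notifyRewardAmount(uint256 reward) external;
}

abstract contract HardenedGaugeController is AccessControl, ReentrancyGuard {
    bytes32 public constant DISTRIBUTOR_ROLE = keccak256("DISTRIBUTOR_ROLE");

    uint256 public immutable distributionInterval;      // minimum seconds between distributions
    mapping(address => uint256) public lastDistributed; // gauge => timestamp of last distribution

    error GaugeNotFound();
    error GaugeNotActive();
    error DistributionTooSoon(uint256 nextAllowedAt);

    event RewardDistributed(address indexed gauge, address indexed caller, uint256 reward);

    constructor(uint256 interval) {
        distributionInterval = interval;
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender); // admin then grants DISTRIBUTOR_ROLE
    }

    // Registry and accounting hooks; assumed, not the project's signatures.
    function isGauge(address gauge) public view virtual returns (bool);
    function isActiveGauge(address gauge) public view virtual returns (bool);
    function _calculateReward(address gauge) internal virtual returns (uint256);

    function distributeRewards(address gauge) external nonReentrant onlyRole(DISTRIBUTOR_ROLE) {
        if (!isGauge(gauge)) revert GaugeNotFound();
        if (!isActiveGauge(gauge)) revert GaugeNotActive();

        uint256 nextAllowedAt = lastDistributed[gauge] + distributionInterval;
        if (block.timestamp < nextAllowedAt) revert DistributionTooSoon(nextAllowedAt);

        uint256 reward = _calculateReward(gauge);
        if (reward == 0) return;
        // Effects before the external call: a repeat call in the same block
        // or period now reverts instead of notifying the gauge again.
        lastDistributed[gauge] = block.timestamp;
        IGauge(gauge).notifyRewardAmount(reward);
        emit RewardDistributed(gauge, msg.sender, reward);
    }
}
```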

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

GaugeController's distributeRewards lacks time-tracking, allowing attackers to repeatedly distribute full period rewards until hitting emission caps

