Missing Minimum Vote Weight Check in `GaugeController::vote`
Summary
The GaugeController::vote function allows users to vote on gauge weights without enforcing a minimum vote weight (MIN_VOTE_WEIGHT). This could lead to unintended behavior, such as users casting votes with negligible weight, which may not align with the protocol’s intended governance design.
Vulnerability Details
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/GaugeController.sol#L190
The function does not check whether the vote weight is above the required MIN_VOTE_WEIGHT, which is defined as:
As a result, users can submit votes with a weight of 0 or any other negligible value, which may cause issues in the voting system.
Impact
Users can cast votes with insignificant weight, potentially leading to manipulation or inefficiencies in gauge weight calculations.
Tools Used
Manual code review
Recommendations
Add a check to enforce MIN_VOTE_WEIGHT in the vote function:
Lead Judging Commences
GaugeController::vote lacks minimum weight validation, allowing votes below MIN_VOTE_WEIGHT (1%) despite documentation stating otherwise
GaugeController::vote lacks minimum weight validation, allowing votes below MIN_VOTE_WEIGHT (1%) despite documentation stating otherwise
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.