Submission Details
Severity:
Base Weight Retrieval Logic Error
Summary
The _getBaseWeight function incorrectly retrieves contract-level weights instead of account-specific weights, despite accepting an account parameter.
Vulnerability Details
Current implementation:
function _getBaseWeight(address account) internal view virtual returns (uint256) {
return IGaugeController(controller).getGaugeWeight(address(this));
}
The function ignores the provided account parameter and always returns the contract's weight.
Impact
Incorrect account-specific weight calculations
Potential errors in staking and voting mechanisms
Tools Used
Manual Code Review
Recommendations
Either use account parameter in weight retrieval:
return IGaugeController(controller).getGaugeWeight(account);Or remove misleading account parameter if contract-level weight is intended
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.