Gauge Activity Validation Omission
Summary
The vote function lacks crucial validation for gauge activity status, allowing users to allocate voting power to potentially inactive or deprecated gauges. This oversight could compromise governance effectiveness and voting power allocation.
Vulnerability Details
The current vote(address gauge, uint256 weight) implementation validates:
Gauge existence through
isGauge(gauge)Weight threshold via
weight > WEIGHT_PRECISIONVoter eligibility using
veRAACToken.balanceOf(msg.sender) > 0
However, the function fails to verify the gauge's active status, potentially enabling:
Votes on deprecated gauges
Allocation to non-functional voting endpoints
Misuse of voting power
Impact
Possible vote allocation to ineligible gauges
Reduced governance system effectiveness
Potential exploitation of inactive gauge voting
Tools Used
Manual code review
Recommendations
Implement gauge activity verification:
if (!isGaugeActive(gauge)) revert GaugeInactive();Add dedicated
isGaugeActive(gauge)function for status checksConsider adding gauge lifecycle management mechanisms
Lead Judging Commences
GaugeController::vote allows users to waste voting power on inactive gauges that don't receive rewards
GaugeController::vote allows users to waste voting power on inactive gauges that don't receive rewards
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.