GaugeController.vote() allows users to vote with more than 100% of their weight
Summary
GaugeController.vote() allows users to vote with more than 100% of their weight
Vulnerability Details
When vote() is called, the weight for input gauge is used as input parameter. However it is not taken into account how much weight the caller has already vote for, allowing anybody to vote for multiple gauges with 100% of their weight, leading to contract having votes much higher than expected.
Impact
The overall weight used for voting for gauges will be inflated as users can vote with the 100% of their weight for multiple pools.
Tools Used
Manual review
Recommendations
Add a mapping variable that counts how much of their weight the caller has already used, the total weight used for voting must never exceed 10000.
Lead Judging Commences
GaugeController::vote lacks total weight tracking, allowing users to allocate 100% of voting power to multiple gauges simultaneously
GaugeController::vote lacks total weight tracking, allowing users to allocate 100% of voting power to multiple gauges simultaneously
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.