Submission Details
Severity:
Users Can Vote on Inactive Gauges, Wasting Voting Power
Relevant GitHub Links
Summary
The vote() function in GaugeController.sol lacks a check for gauge activity status, allowing users to waste voting power on inactive gauges.
Vulnerability Details
The GaugeController.vote() function only verifies if a gauge exists but not if it's active:
function vote(address gauge, uint256 weight) external override whenNotPaused {
if (!isGauge(gauge)) revert GaugeNotFound();
if (weight > WEIGHT_PRECISION) revert InvalidWeight();
// ... rest of function
}
Each gauge has an isActive boolean that can be toggled by admin:
struct Gauge {
uint256 weight;
uint256 typeWeight;
uint256 lastUpdateTime;
GaugeType gaugeType;
bool isActive; // Not checked in vote()
uint256 lastRewardTime;
}
Impact
Users can waste voting power on inactive gauges that won't receive rewards
Reduces governance effectiveness as votes get misallocated
Skews weight distribution in active gauges
Tools Used
Manual Review
Recommendations
Add activity check in the vote() function:
function vote(address gauge, uint256 weight) external override whenNotPaused {
if (!isGauge(gauge)) revert GaugeNotFound();
if (!gauges[gauge].isActive) revert GaugeNotActive();
if (weight > WEIGHT_PRECISION) revert InvalidWeight();
// ... rest of function
}
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
GaugeController::vote allows users to waste voting power on inactive gauges that don't receive rewards
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
GaugeController::vote allows users to waste voting power on inactive gauges that don't receive rewards
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.