Core Contracts

Relevant Context

The BaseGauge contract implements a staking mechanism where users' reward weights are boosted based on their veToken holdings. The getRewardPerToken function is crucial for calculating the rate at which rewards are distributed.

Finding Description

In BaseGauge#getRewardPerToken, the reward rate calculation uses totalSupply() as the denominator, which represents the raw sum of staked tokens. However, the actual reward distribution is based on boosted weights from getUserWeight. This creates a mismatch between the reward rate calculation and the actual distribution of rewards.

The reward rate formula:

assumes that rewards should be distributed proportionally to staked amounts. However, since rewards are actually distributed based on boosted weights, this formula becomes incorrect when users have different boost multipliers.

Impact Explanation

High. This discrepancy leads to:

1. Incorrect reward rate calculations

2. Potential over-distribution of rewards when total boosted weight exceeds total supply

3. Unfair reward distribution that doesn't properly account for the boost system

Likelihood Explanation

High. This issue affects every reward distribution and becomes more severe as the disparity between users' boost multipliers increases.

Proof of Concept

Consider this scenario:

1. Total staked supply is 1000 tokens

2. User A stakes 500 tokens with 2x boost (effective weight 1000)

3. User B stakes 500 tokens with 1x boost (effective weight 500)

4. Total effective weight is 1500, but totalSupply() returns 1000

5. This causes reward rate to be calculated using 1000 as denominator instead of 1500

6. Results in 50% higher reward rate than intended

Recommendation

Maintain a separate total for boosted weights and use it in reward calculations:

This ensures reward rates accurately reflect the boosted weight system.