Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Users can create positions with power != 0 and slope = 0, thus having the voting power forever

Summary

When the lock function is called in veRAACToken.sol, the user's power and slope are calculated. However, the user can manipulate the calculation such that power != 0 and slope = 0. This violates the protocol's expectation that a user's voting power keeps decreasing linearly until power = 0.

Vulnerability Details

Assume the following scenario:
1. User locks a position with amount = 1.2e8 and duration = MAX_LOCK_DURATION
2. Power = amount * duration / MAX_LOCK_DURATION = amount = 1.2e8
3. Slope = power / duration = 1.2e8 / 1.26e8 = 0 (integer division truncates)

Basically, as long as amount < 1460 days, the slope = 0 and the user can have voting power forever.

    (int128 bias, int128 slope) = _votingState.calculateAndUpdatePower(
        msg.sender,
        amount,
        unlockTime
    );



Impact

The user can manipulate the slope to make slope = 0.

Tools Used

Manual review

Recommendations

Add the following check in veRAACToken.sol:

    if (slope == 0) revert();
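
The scenario and the recommended check above, modeled as an added JavaScript example (not code from the report or from the RAAC contracts). It reproduces the report's formulas with BigInt so that division truncates as it does in Solidity; the function names and the linear-decay formula in powerAt are assumptions.

```javascript
// Added illustration: models the formulas quoted in the report with BigInt
// (integer division truncates, as in Solidity). Not the project's code.
const DAY = 86400n;
const MAX_LOCK_DURATION = 1460n * DAY; // 126,144,000 s, the ~1.26e8 in the report

// Formulas as stated in the report's scenario.
function lockParams(amount, duration) {
  const power = (amount * duration) / MAX_LOCK_DURATION;
  const slope = power / duration; // truncates to 0 whenever power < duration
  return { power, slope };
}

// Assumed linear-decay model: power(t) = power - slope * elapsed, floored at 0.
function powerAt({ power, slope }, elapsed) {
  const p = power - slope * elapsed;
  return p > 0n ? p : 0n;
}

// The report's recommended guard, applied before a lock is accepted.
function guardedLock(amount, duration) {
  const params = lockParams(amount, duration);
  if (params.slope === 0n) {
    throw new Error("zero slope: voting power would never decay");
  }
  return params;
}

function demo() {
  // amount = 1.2e8 from the report: below MAX_LOCK_DURATION, so slope is 0.
  const small = lockParams(120_000_000n, MAX_LOCK_DURATION);
  // Constructed boundary case: amount == MAX_LOCK_DURATION gives slope 1.
  const boundary = lockParams(MAX_LOCK_DURATION, MAX_LOCK_DURATION);
  return {
    smallSlope: small.slope,
    smallPowerAtExpiry: powerAt(small, MAX_LOCK_DURATION),
    boundarySlope: boundary.slope,
    boundaryPowerAtExpiry: powerAt(boundary, MAX_LOCK_DURATION),
  };
}

console.log(demo());
```

The small lock still reports its full power at expiry, while the boundary lock decays to zero; guardedLock rejects the former and accepts the latter.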

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingPowerLib::calculateAndUpdatePower results in zero slope for small amounts (<MAX_LOCK_DURATION), creating non-decaying voting power that violates linear decay mechanism
