Core Contracts

Summary

Three functions intended for interaction with the BaseGauge - BaseGauge::setBoostParameters, BaseGauge::updatePeriod, and BaseGauge::setInitialWeight - are never actually invoked by the BoostController. While setInitialWeight is set in the constructor (making it possibly obsolete), the other two (setBoostParameters and updatePeriod) also remain uncalled. As a result, critical gauge parameters and periods cannot be modified at runtime, rendering these functions effectively dead code.

Vulnerability Details

BaseGauge::setBoostParameters and BaseGauge::updatePeriod are restricted to the BoostController yet never referenced within the BoostController contract, preventing any runtime adjustments to these parameters.
BaseGauge::setInitialWeight is assigned in the constructor, implying one-time initialization, but remains uncalled externally, suggesting it may be old code.

Because these functions are never called, adjustments intended for dynamic boost parameters or gauge update intervals cannot be executed. This locks the system into the initial settings defined at contract deployment.

Impact

The lack of invocation leads to static parameters for gauge weights and periods. Operators cannot update or optimize these values post-deployment, which can limit protocol flexibility, make the gauge system unresponsive to changing conditions, and potentially result in misaligned incentives or reduced functionality.

Tools Used

Manual Review

Recommendations

Implement the relevant functions in the BoostController contract to enable runtime adjustments to gauge parameters and periods.