Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

`BaseGauge::_updateWeights` - Updating of current period missing

0xnforcer

Summary

The BaseGauge::_updateWeights function does not properly update the current period. Instead, it always creates a new period, even when updating the existing period would be more appropriate. Additionally, the function relies on weightPeriod, which is not used anywhere else in the contract, and the function itself is not invoked anywhere in the contract.

Vulnerability Details

The BaseGauge::_updateWeights function is intended to update the weight tracking mechanism for the gauge. However, the way it is currently implemented results in only the creation of new periods, and the current period is never updated.

Issue with the if/else logic
The function contains the following logic:

/**
* @notice Updates weights for time-weighted average calculation
* @dev Creates new period or updates existing one with new weight
* @param newWeight New weight value to record
*/
function _updateWeights(uint256 newWeight) internal {
uint256 currentTime = block.timestamp;
uint256 duration = getPeriodDuration();
if (weightPeriod.startTime == 0) {
// For initial period, start from next period boundary
uint256 nextPeriodStart = ((currentTime / duration) + 1) * duration;
TimeWeightedAverage.createPeriod(
weightPeriod,
nextPeriodStart,
duration,
newWeight,
WEIGHT_PRECISION
);
} else {
// For subsequent periods, ensure we're creating a future period
uint256 nextPeriodStart = ((currentTime / duration) + 1) * duration;
TimeWeightedAverage.createPeriod(
weightPeriod,
nextPeriodStart,
duration,
newWeight,
WEIGHT_PRECISION
);
}
}

Both branches of the if statement execute the same code, making the check redundant. Instead, the function should distinguish between updating the current period and creating a new one.

Unused weightPeriod
The function modifies weightPeriod, but this variable is never referenced elsewhere in the contract.

Function is unused
The _updateWeights function is not called anywhere in the contract.

Impact

  • The current period is never updated with new values.

  • The function is effectively redundant and should either be used or removed.

  • The weightPeriod variable is not contributing to the logic, leading to confusion.

Tools Used

Manual review

Recommendations

  • Modify _updateWeights to differentiate between updating an existing period and creating a new one.

  • Ensure that weightPeriod is correctly used elsewhere in the contract or remove it if unnecessary.

  • Integrate _updateWeights into relevant parts of the contract or remove the function if it is not needed.

A potential fix could be:

function _updateWeights(uint256 newWeight) internal {
uint256 currentTime = block.timestamp;
uint256 duration = getPeriodDuration();
if (currentTime <= weightPeriod.endTime) {
// Update current period
TimeWeightedAverage.updateValue(weightPeriod, newWeight, currentTime);
} else {
// Create a new period
uint256 nextPeriodStart = ((currentTime / duration) + 1) * duration;
TimeWeightedAverage.createPeriod(
weightPeriod,
nextPeriodStart,
duration,
newWeight,
WEIGHT_PRECISION
);
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.