Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

getBoostMultiplier() in BoostController always returns MAX_BOOST if user boost amount is not 0

Summary

getBoostMultiplier() in BoostController always returns MAX_BOOST if user boost amount is not 0.

Vulnerability Details

getBoostMultiplier() calculates the current boost multiplier for a user as follows:

BoostController::getBoostMultiplier()

// Calculate actual boost multiplier in basis points
uint256 baseAmount = userBoost.amount * 10000 / MAX_BOOST;
return userBoost.amount * 10000 / baseAmount;

To simplify:

boost multiplier = userBoost.amount * 10000 / (userBoost.amount * 10000 / MAX_BOOST)

boost multiplier = MAX_BOOST
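
The simplification above can be checked with a small model of the contract's integer arithmetic. This is an added example, not code from the submission or the project; MAX_BOOST = 25000 and the sample amounts are assumed values, and the zero-amount branch (not shown on this page) is not modelled.

```javascript
// Model of the two quoted lines from BoostController::getBoostMultiplier().
// BigInt division truncates, matching uint256 division for non-negative values.
const BPS = 10000n;
const MAX_BOOST = 25000n; // assumed value in basis points; not stated on this page

// Throws where the Solidity code would revert on division by zero.
function getBoostMultiplier(amount) {
  const baseAmount = (amount * BPS) / MAX_BOOST;
  if (baseAmount === 0n) {
    throw new RangeError("division by zero (Solidity would revert)");
  }
  return (amount * BPS) / baseAmount;
}

// Regression check: collect the distinct multipliers produced by a set of
// amounts. A boost that depends on the amount must yield more than one value.
function distinctMultipliers(amounts) {
  const seen = new Set();
  for (const amount of amounts) {
    seen.add(getBoostMultiplier(amount).toString());
  }
  return [...seen];
}

// Constructed sample amounts, in 18-decimal token units.
const WAD = 10n ** 18n;
const SAMPLE_AMOUNTS = [1n * WAD, 50n * WAD, 1000n * WAD, 123456789n * WAD];

// Every realistic amount collapses to the same value, MAX_BOOST.
console.log(distinctMultipliers(SAMPLE_AMOUNTS));

// Dust amounts show the truncation edge of the same formula: the result can
// overshoot MAX_BOOST, or the intermediate baseAmount can round down to zero.
console.log(getBoostMultiplier(3n)); // baseAmount truncates to 1
try {
  getBoostMultiplier(2n); // baseAmount truncates to 0
} catch (err) {
  console.log(err.message);
}
```

A unit test for a corrected implementation can reuse distinctMultipliers() and require more than one distinct value across amounts.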

Impact

Boost multiplier is incorrectly calculated.

Tools Used

Manual Review

Recommendations

Use BoostCalculator.calculateTimeWeightedBoost() to calculate the boost multiplier.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism
