Submission Details
Severity:
Incorrect calculation in getBoostMultiplier
Summary
In getBoostMultiplier() function of BoostController.sol
function getBoostMultiplier(
address user,
address pool
) external view override returns (uint256) {
if (!supportedPools[pool]) revert PoolNotSupported();
UserBoost storage userBoost = userBoosts[user][pool];
if (userBoost.amount == 0) return MIN_BOOST;
// Calculate actual boost multiplier in basis points
uint256 baseAmount = userBoost.amount * 10000 / MAX_BOOST;
return userBoost.amount * 10000 / baseAmount;
}
If userBoost.amount is very small, baseAmount will be 0 and the function will revert. (ex : userBoost.amount =1, or 2)
And by rounding issue, the result value will be greater than MAX_BOOST.
And the function returns always MIN_BOOST or MAX_BOOST.
Impact
By useless reverting, the functions that use this function might always revert.
The function always return MIN_BOOST or MAX_BOOST
Tools Used
Manual
Recommendations
Please check whether the logic is correct.
If correct, need to add baseAmount =0 validation and (result > MAX_BOOST) validation.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.