Incorrect Application of Emission Cap: Blocking Revenue Distribution to Gauges
Summary
The revenue distribution logic mistakenly uses the reward emission cap to validate gauge share amounts. When calling notifyRewardAmount with gaugeShare, the function checks whether the amount exceeds the period's emission cap. If gaugeShare plus the already distributed amount surpasses state.emission, the function reverts. This means that even if revenue should be shared, gauges might receive no funds if their share is too high relative to the emission cap.
Vulnerability Details
Emission Cap Check Misalignment:
The notifyReward function contains the following checks:
These checks are meant to prevent rewards from exceeding the allowable emission for the period. However, because revenue sharing is separate from rewards, applying these checks to the revenue (gauge share) is incorrect.
Revenue Distribution Failure:
If gaugeShare (the amount intended for distribution to gauges) exceeds the remaining emission cap, the function will revert, preventing the intended revenue from being distributed. This effectively locks funds that should be available as revenue.
Impact
Locked Revenue:
Gauges will not receive their allocated revenue if gaugeShare exceeds the remaining emission cap, resulting in funds remaining locked in the contract.
Economic Imbalance:
The misapplication of the emission cap in revenue sharing disrupts the intended distribution model, potentially undermining stakeholder incentives and affecting the protocol's overall economic balance.
Tools Used
Manual Code Review: We examined the notifyReward and notifyRewardAmount functions and identified that the emission cap is incorrectly applied to revenue sharing.
Recommendations
Decouple Revenue Sharing from Reward Emission Cap:
Modify the revenue distribution logic so that revenue sharing for gauges is not subject to the emission cap (state.emission) used for rewards.
Adjust Validation Checks:
Remove or adjust the check if (amount + state.distributed > state.emission) in the context of revenue sharing to ensure that gauges can receive their intended revenue share without being blocked by the emission limits.
Lead Judging Commences
GaugeController::updatePeriod doesn't call the gauge's updatePeriod function, preventing periodState.distributed from resetting and eventually causing distributeRewards to permanently fail
GaugeController::updatePeriod doesn't call the gauge's updatePeriod function, preventing periodState.distributed from resetting and eventually causing distributeRewards to permanently fail
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.