Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Missing Controller Functions in GaugeController

Summary

Certain functions in the BaseGauge contract—namely setEmission, updatePeriod, setInitialWeight, and setBoostParameters—are designed to be callable only by the controller (i.e., the GaugeController). However, these functions are not implemented or accessible through the GaugeController contract. This breaks the intended governance model where the controller is responsible for updating key parameters and managing reward distribution.

Vulnerability Details

  • Intended Design:
    In the BaseGauge contract, functions like setEmission, updatePeriod, setInitialWeight, and setBoostParameters are marked with an onlyController modifier. The accompanying comments clearly state that the controller (gauge controller) is expected to have the authority to call these functions to update critical parameters.

  • Implementation Issue:
    The GaugeController contract, which is meant to serve as the controller, does not implement these functions. As a result, it cannot call them to manage the gauge parameters as intended.

  • Consequences:
    Without these functions being callable by the GaugeController:

    • Loss of Governance: The system loses its ability to update critical parameters such as reward emissions, period updates, initial gauge weights, and boost parameters.

    • Inflexibility: Any necessary adjustments to the reward distribution model or emergency updates cannot be executed through the controller.

    • Potential Economic Impact: If parameters cannot be updated as required, this may lead to misallocated rewards, locked funds, or other economic imbalances within the protocol.

Impact

  • Loss of Control:
    The inability of the GaugeController to execute these functions prevents the intended governance over gauge parameters, hindering timely updates and necessary adjustments.

  • Operational Risks:
    The system becomes inflexible and less responsive to changing conditions or vulnerabilities, which could expose the protocol to further issues.

  • Economic Risk:
    Mismanagement of critical parameters (such as reward emissions and boost settings) may lead to incorrect reward distributions and potential financial losses for participants.

Tools Used

Manual Code Review: We analyzed the BaseGauge contract and the GaugeController contract, identifying that the GaugeController does not implement the critical functions designated for the controller role.

Recommendations

  • Implement Missing Functions in GaugeController:
    Ensure that the GaugeController contract either directly implements or provides proxy access to the following BaseGauge functions:

    • setEmission

    • updatePeriod

    • setInitialWeight

    • setBoostParameters

  • Align Implementation with Documentation:
    Verify and update the GaugeController contract so that its functionality matches the BaseGauge documentation, which explicitly states that these functions should be callable only by the controller (i.e., the GaugeController).
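
The proxy-access option recommended above, as an added example that is not the project's own code. The parameter lists in `IGaugeAdmin`, the `admin` check, the `isGauge` registry, the `GaugeCall` event and all forwarder names are assumptions, since the finding gives only the four function names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Assumed signatures: the finding names these functions, not their parameters.
interface IGaugeAdmin {
    function setEmission(uint256 emission) external;
    function setInitialWeight(uint256 weight) external;
    function setBoostParameters(uint256 maxBoost, uint256 minBoost, uint256 boostWindow) external;
    function updatePeriod() external;
}

// Hypothetical controller fragment: governance-gated forwarders, so each
// onlyController function on a registered gauge has a reachable caller.
contract GaugeControllerForwarders {
    address public immutable admin;          // stand-in for the controller's role check
    mapping(address => bool) public isGauge; // gauges managed by this controller

    error NotAdmin();
    error UnknownGauge(address gauge);
    event GaugeCall(address indexed gauge, bytes4 indexed selector);

    constructor(address[] memory gauges) {
        admin = msg.sender;
        for (uint256 i = 0; i < gauges.length; i++) isGauge[gauges[i]] = true;
    }

    // Only governance may act, and only on gauges this controller manages.
    modifier gated(address gauge) {
        if (msg.sender != admin) revert NotAdmin();
        if (!isGauge[gauge]) revert UnknownGauge(gauge);
        _;
    }

    function setGaugeEmission(address gauge, uint256 emission) external gated(gauge) {
        IGaugeAdmin(gauge).setEmission(emission);
        emit GaugeCall(gauge, IGaugeAdmin.setEmission.selector);
    }
    function setGaugeInitialWeight(address gauge, uint256 weight) external gated(gauge) {
        IGaugeAdmin(gauge).setInitialWeight(weight);
        emit GaugeCall(gauge, IGaugeAdmin.setInitialWeight.selector);
    }
    function setGaugeBoostParameters(address gauge, uint256 maxB, uint256 minB, uint256 window) external gated(gauge) {
        IGaugeAdmin(gauge).setBoostParameters(maxB, minB, window);
        emit GaugeCall(gauge, IGaugeAdmin.setBoostParameters.selector);
    }
    function updateGaugePeriod(address gauge) external gated(gauge) {
        IGaugeAdmin(gauge).updatePeriod();
        emit GaugeCall(gauge, IGaugeAdmin.updatePeriod.selector);
    }
}
```

Because the gauge sees the controller as `msg.sender`, its `onlyController` check passes only through these forwarders, and the emitted selector gives monitoring a record of each parameter change.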

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller

Appeal created

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller

GaugeController::updatePeriod doesn't call the gauge's updatePeriod function, preventing periodState.distributed from resetting and eventually causing distributeRewards to permanently fail
