Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Missing Vote Delay Enforcement in GaugeController

Summary

The GaugeController.sol contract defines a vote delay mechanism but never enforces it, allowing users to vote multiple times in rapid succession and potentially manipulate gauge weights and reward distributions.

Vulnerability Details

  • The contract defines a vote delay constant and a per-user mapping of last vote times:

uint256 public constant VOTE_DELAY = 10 days;
mapping(address => uint256) public lastVoteTime;

  • However, the vote() function never reads or writes either of them:

function vote(address gauge, uint256 weight) external override whenNotPaused {
    if (!isGauge(gauge)) revert GaugeNotFound();
    if (weight > WEIGHT_PRECISION) revert InvalidWeight();
    uint256 votingPower = veRAACToken.balanceOf(msg.sender);
    if (votingPower == 0) revert NoVotingPower();
    uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
    userGaugeVotes[msg.sender][gauge] = weight;
    _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
    emit WeightUpdated(gauge, oldWeight, weight);
}

Impact

  • Users can vote multiple times without any time restriction

  • Potential for vote manipulation and reward distribution attacks

  • Undermines the entire voting mechanism's fairness

  • Could lead to unfair resource allocation in the protocol

Tools Used

  • Manual code review

Recommendations

  • Implement vote delay enforcement in the vote() function:

function vote(address gauge, uint256 weight) external override whenNotPaused {
    if (!isGauge(gauge)) revert GaugeNotFound();
    if (weight > WEIGHT_PRECISION) revert InvalidWeight();
    // Add vote delay check
    if (block.timestamp < lastVoteTime[msg.sender] + VOTE_DELAY)
        revert VotingDelayNotElapsed();
    uint256 votingPower = veRAACToken.balanceOf(msg.sender);
    if (votingPower == 0) revert NoVotingPower();
    uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
    userGaugeVotes[msg.sender][gauge] = weight;
    _updateGaugeWeight(gauge, oldWeight, weight, votingPower);
    // Update last vote time
    lastVoteTime[msg.sender] = block.timestamp;
    emit WeightUpdated(gauge, oldWeight, weight);
}

  • Add a custom error for vote delay:

error VotingDelayNotElapsed();
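
A regression test for the recommended delay check, added here as an example; it is not code from the submission or from the project's repository. It assumes Foundry's forge-std is available. VoteDelayModel, the gauge addresses, the weights and the start time are hypothetical stand-ins that keep only the delay logic from the recommendation, so the test can pin down the boundary cases and the fact that lastVoteTime is keyed by voter rather than by gauge.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for GaugeController: keeps only the delay logic from
// the recommendation; gauge checks, voting power and weights are omitted.
contract VoteDelayModel {
    uint256 public constant VOTE_DELAY = 10 days;
    mapping(address => uint256) public lastVoteTime;
    mapping(address => mapping(address => uint256)) public userGaugeVotes;
    error VotingDelayNotElapsed();

    function vote(address gauge, uint256 weight) external {
        if (block.timestamp < lastVoteTime[msg.sender] + VOTE_DELAY)
            revert VotingDelayNotElapsed();
        userGaugeVotes[msg.sender][gauge] = weight;
        lastVoteTime[msg.sender] = block.timestamp;
    }
}

contract VoteDelayTest is Test {
    VoteDelayModel internal model;
    address internal constant GAUGE_A = address(0xA1); // constructed
    address internal constant GAUGE_B = address(0xB2); // constructed
    uint256 internal constant T0 = 1_700_000_000; // constructed start time

    function setUp() public {
        model = new VoteDelayModel();
        // A never-voted account has lastVoteTime == 0, so its first vote only
        // passes once block.timestamp >= VOTE_DELAY; warp to a realistic time.
        vm.warp(T0);
    }

    function test_delayBoundaries() public {
        model.vote(GAUGE_A, 1); // first vote is accepted (constructed weight)
        vm.expectRevert(VoteDelayModel.VotingDelayNotElapsed.selector);
        model.vote(GAUGE_A, 2); // immediate re-vote is rejected
        // lastVoteTime is keyed by voter, so a different gauge is blocked too.
        vm.expectRevert(VoteDelayModel.VotingDelayNotElapsed.selector);
        model.vote(GAUGE_B, 1);
        vm.warp(T0 + 10 days - 1);
        vm.expectRevert(VoteDelayModel.VotingDelayNotElapsed.selector);
        model.vote(GAUGE_A, 2); // one second early: still rejected
        vm.warp(T0 + 10 days);
        model.vote(GAUGE_A, 2); // exactly VOTE_DELAY later: accepted
        assertEq(model.userGaugeVotes(address(this), GAUGE_A), 2);
    }
}
```
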
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

GaugeController::vote never enforces VOTE_DELAY or updates lastVoteTime, allowing users to spam votes and manipulate gauge weights without waiting
