Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Vote Power Lock in Deactivated Gauges

Summary

In the GaugeController.sol, when a gauge is deactivated via toggleGaugeStatus(), users' voting power remains locked in the gauge. This creates a state where users cannot reclaim or reallocate their voting power until an admin reactivates the gauge.

Vulnerability Details

The toggleGaugeStatus function has proper access control:

    function toggleGaugeStatus(address gauge) external onlyGaugeAdmin {
        if (!isGauge(gauge)) revert GaugeNotFound();
        gauges[gauge].isActive = !gauges[gauge].isActive;
        emit GaugeStatusUpdated(gauge, gauges[gauge].isActive);
    }

However, the function:

  • Only modifies the gauge's active status

  • Doesn't clean up existing votes in userGaugeVotes

  • Doesn't provide a mechanism for users to withdraw their votes

This creates a situation where:

    mapping(address => mapping(address => uint256)) public userGaugeVotes;

Still contains vote allocations for deactivated gauges, but users can't modify these votes because:

    function vote(address gauge, uint256 weight) external override whenNotPaused {
        if (!isGauge(gauge)) revert GaugeNotFound();
        // ... other checks ...
    }

Will revert for deactivated gauges.

Impact

  • Vote Power Lock: Users' voting power becomes locked in deactivated gauges

  • Reduced Participation: Users have less voting power available for active gauges

  • Admin Dependence: Users must wait for admin action to reclaim their voting power

  • Protocol Imbalance: The total active voting power in the system is reduced

Tools Used

  • Manual code review

Recommendations

  • Add vote withdrawal functionality for deactivated gauges:

    function withdrawVotesFromInactiveGauge(address gauge) external {
        // Only registered gauges that are currently inactive qualify
        if (!isGauge(gauge)) revert GaugeNotFound();
        if (gauges[gauge].isActive) revert GaugeStillActive();
        // Read the caller's recorded allocation for this gauge
        uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
        if (oldWeight == 0) revert NoVotesToWithdraw();
        // Clear the allocation and log the withdrawn amount
        userGaugeVotes[msg.sender][gauge] = 0;
        emit VotesWithdrawn(msg.sender, gauge, oldWeight);
    }

  • Modify toggleGaugeStatus to handle existing votes:

    function toggleGaugeStatus(address gauge) external onlyGaugeAdmin {
        if (!isGauge(gauge)) revert GaugeNotFound();
        // Flip the status and remember the new value
        bool newStatus = !gauges[gauge].isActive;
        gauges[gauge].isActive = newStatus;
        if (!newStatus) {
            // Reset gauge weight when deactivating
            gauges[gauge].weight = 0;
            emit GaugeWeightReset(gauge);
        }
        emit GaugeStatusUpdated(gauge, newStatus);
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge
5 months ago
inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
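
The submission's claim rests on vote() reverting with GaugeNotFound once a gauge is deactivated, which depends on whether isGauge() consults isActive; the body of isGauge() is not shown on this page. The following is an added example (a plain JavaScript model, not RAAC code and not part of the submission) that runs the vote, deactivate, re-vote sequence under both possibilities; the isGaugeChecksActive switch, the addGauge helper and the sample names are assumptions.

```javascript
// Added model, not RAAC code. From the page: isActive, userGaugeVotes,
// toggleGaugeStatus, vote and the GaugeNotFound revert. Assumed: the rest.
class GaugeControllerModel {
  // isGaugeChecksActive is an ASSUMPTION switch: isGauge()'s body is not on the page.
  constructor(isGaugeChecksActive) {
    this.isGaugeChecksActive = isGaugeChecksActive;
    this.gauges = new Map(); // gauge address -> { isActive }
    this.userGaugeVotes = new Map(); // "user|gauge" -> weight
  }
  addGauge(gauge) { // hypothetical helper to register a gauge
    this.gauges.set(gauge, { isActive: true });
  }
  isGauge(gauge) {
    const g = this.gauges.get(gauge);
    if (!g) return false;
    return this.isGaugeChecksActive ? g.isActive : true;
  }
  toggleGaugeStatus(gauge) {
    if (!this.isGauge(gauge)) throw new Error("GaugeNotFound");
    const g = this.gauges.get(gauge);
    g.isActive = !g.isActive;
  }
  vote(user, gauge, weight) {
    if (!this.isGauge(gauge)) throw new Error("GaugeNotFound");
    // "... other checks ..." are elided on the page and not modelled here
    this.userGaugeVotes.set(`${user}|${gauge}`, weight);
  }
}

// Vote, deactivate the gauge, then try to set the vote back to zero.
function votesLockedAfterDeactivation(isGaugeChecksActive) {
  const gc = new GaugeControllerModel(isGaugeChecksActive);
  gc.addGauge("gaugeA"); // constructed sample names
  gc.vote("alice", "gaugeA", 5000);
  gc.toggleGaugeStatus("gaugeA");
  let error = null;
  try {
    gc.vote("alice", "gaugeA", 0);
  } catch (e) {
    error = e.message;
  }
  const remaining = gc.userGaugeVotes.get("alice|gaugeA");
  return { locked: error !== null, remaining, error };
}
```

In this model the allocation stays stuck at 5000 only when the existence check also depends on the active flag, so reading isGauge() in the audited contract is the first step in confirming or rejecting a report of this shape.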
