Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Immediate Type Weight Changes Enable Reward Manipulation

Summary

Despite access control restrictions, the GaugeController allows gauge admins to modify type weights without any time delay or change magnitude limits. This enables potential manipulation of reward distributions through rapid weight changes.

Vulnerability Details

  • The setTypeWeight function has admin-only access:

    function setTypeWeight(
        GaugeType gaugeType,
        uint256 weight
    ) external onlyRole(GAUGE_ADMIN) {
        if (weight > MAX_TYPE_WEIGHT) revert InvalidWeight();
        uint256 oldWeight = typeWeights[gaugeType];
        typeWeights[gaugeType] = weight;
        emit TypeWeightUpdated(gaugeType, oldWeight, weight);
    }

  • These weights directly affect reward calculations:

    uint256 typeShare = (typeWeights[g.gaugeType] * WEIGHT_PRECISION) / MAX_TYPE_WEIGHT;
    return (periodEmission * gaugeShare * typeShare) / (WEIGHT_PRECISION * WEIGHT_PRECISION);

Problems:

  • No minimum delay between weight changes

  • No limits on change magnitude

  • Changes take effect immediately

  • No gradual transition period

Impact

  • Reward Manipulation: Admin can front-run (unintentionally) reward distributions with weight changes

Tools Used

  • Manual code review

Recommendations

  • Implement time delay for weight changes
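One way to implement the recommended delay, as an added example that is not code from the submission or from the audited project: the admin first announces a weight, and it can only be applied after a fixed waiting period. The contract name, proposeTypeWeight, executeTypeWeight, TYPE_WEIGHT_DELAY, the single-admin modifier standing in for onlyRole(GAUGE_ADMIN), the enum members and the constant values are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example (hypothetical contract): two-step, delayed type-weight update.
contract DelayedTypeWeights {
    enum GaugeType { TYPE_A, TYPE_B }                    // constructed placeholder members

    uint256 public constant MAX_TYPE_WEIGHT = 10_000;    // constructed value
    uint256 public constant TYPE_WEIGHT_DELAY = 2 days;  // hypothetical delay

    struct PendingWeight { uint256 weight; uint256 eta; }

    address public immutable gaugeAdmin;                 // stand-in for onlyRole(GAUGE_ADMIN)
    mapping(GaugeType => uint256) public typeWeights;
    mapping(GaugeType => PendingWeight) public pendingWeights;

    error InvalidWeight();
    error NotGaugeAdmin();
    error NothingPending();
    error DelayNotElapsed(uint256 eta);

    event TypeWeightProposed(GaugeType indexed gaugeType, uint256 weight, uint256 eta);
    event TypeWeightUpdated(GaugeType indexed gaugeType, uint256 oldWeight, uint256 newWeight);

    modifier onlyGaugeAdmin() {
        if (msg.sender != gaugeAdmin) revert NotGaugeAdmin();
        _;
    }

    constructor() { gaugeAdmin = msg.sender; }

    // Step 1: announce the new weight. Reward math keeps reading the old
    // typeWeights value; proposing again replaces the entry and restarts the delay.
    function proposeTypeWeight(GaugeType gaugeType, uint256 weight) external onlyGaugeAdmin {
        if (weight > MAX_TYPE_WEIGHT) revert InvalidWeight();
        uint256 eta = block.timestamp + TYPE_WEIGHT_DELAY;
        pendingWeights[gaugeType] = PendingWeight(weight, eta);
        emit TypeWeightProposed(gaugeType, weight, eta);
    }

    // Step 2: apply the announced weight only once the delay has elapsed.
    function executeTypeWeight(GaugeType gaugeType) external onlyGaugeAdmin {
        PendingWeight memory p = pendingWeights[gaugeType];
        if (p.eta == 0) revert NothingPending();
        if (block.timestamp < p.eta) revert DelayNotElapsed(p.eta);
        delete pendingWeights[gaugeType];
        uint256 oldWeight = typeWeights[gaugeType];
        typeWeights[gaugeType] = p.weight;
        emit TypeWeightUpdated(gaugeType, oldWeight, p.weight);
    }
}
```

The TypeWeightProposed event gives off-chain monitoring a window to notice a pending change before it affects reward calculations.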

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
