Submission Details
Severity:
BaseGauge::_getBaseWeight implemented wrongly
_getBaseWeight function is a virtual function that should be overridden. In its present stage, it is wrong, as it aspires to get the weight of the account param passed, but returns the weight of the current address instead:
/**
* @notice Gets base weight for an account
* @dev Virtual function to be implemented by child contracts
* @param account Address to get weight for
* @return Base weight value
*/
function _getBaseWeight(
address account
) internal view virtual returns (uint256) {
return IGaugeController(controller).getGaugeWeight(address(this));
}
Recommendation
change address(this) into account param.
Updates
Lead Judging Commences
inallhonesty about 1 month ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
inallhonesty about 1 month ago
Submission Judgement Published Assigned finding tags:
BaseGauge._getBaseWeight ignores account parameter and returns gauge's total weight, allowing users to claim rewards from gauges they never voted for or staked in
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.