Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Variable shadowing when voting on direction

air

Summary

Voting direction is always equal to the user voting power.

Vulnerability Details

In BaseGauge.processVote() function , a parameter is named totalVotes which has the same name as the state variable totalVotes.

/// @notice Total votes across all users
// global state variable
uint256 public totalVotes;
...
function processVote(
VoteState storage vote,
uint256 direction,
uint256 votingPower,
@>> uint256 totalVotes
) internal returns (uint256) {
if (direction > 10000) revert InvalidWeight();
if (votingPower == 0) revert NoVotingPower();
uint256 newTotalVotes = totalVotes - vote.weight + votingPower;
vote.direction = direction;
vote.weight = votingPower;
vote.timestamp = block.timestamp;
return newTotalVotes;
}

Because the function parameter totalVotes has the same name as the state variable totalVotes, the global totalVotes is shadowed

As a result, when voteDirection is called with a value , it will always be equal to the user voting power regardless of the value used

Impact

Voting direction is always equal to the user voting power .

Tools Used

Manual Review

Recommendations

Rename the function parameter to avoid shadowing the global variable.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!