wrong Initialize minBoost parameter
Summary
The minBoost value is incorrectly set to a value greater than maxBoost, leading to an arithmetic underflow when calculating the boostRange. This results in an invalid boostRange value and disrupts all dependent logic.
Vulnerability Details
In the code snippet below, the minBoost is initialized to 1e18 (1,000,000,000,000,000,000) while maxBoost is set to 25000:
When calculating boostRange, the subtraction maxBoost - minBoost is performed:
Since maxBoost (25,000) is smaller than minBoost (1e18), this operation will underflow. Solidity’s unchecked arithmetic (default in versions <0.8.0) would result in an extremely large positive value for boostRange, while in Solidity >=0.8.0, the transaction would revert entirely.
Impact
The whole system is broken because updating reward and calculating boost will revert. But admin can set right parameter by calling setBoostParameters.
Tools Used
manual
Recommendations
Lead Judging Commences
boostState.minBoost is set to 1e18
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.