Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

No Total Weight Limit Per User Allows Vote Amplification in Gauge Voting

waydou

Summary

The GaugeController's voting mechanism allows users to specify weights up to WEIGHT_PRECISION (10000) for each gauge independently, without enforcing a total weight limit across all gauges. This enables users to amplify their voting power by assigning maximum weights to multiple gauges. I should also note that the variable `LastVoteTime` is not used.

Vulnerability Details

In the vote() function, users can assign arbitrary weights to each gauge:

function vote(address gauge, uint256 weight) external override whenNotPaused {

if (!isGauge(gauge)) revert GaugeNotFound();

if (weight > WEIGHT_PRECISION) revert InvalidWeight(); // Only checks individual weight

uint256 votingPower = veRAACToken.balanceOf(msg.sender);

if (votingPower == 0) revert NoVotingPower();

uint256 oldWeight = userGaugeVotes[msg.sender][gauge];

userGaugeVotes[msg.sender][gauge] = weight;

_updateGaugeWeight(gauge, oldWeight, weight, votingPower);

}

Since there's no check on the `LastVoteTime`, A user with voting power can:

Vote weight 10000 for Gauge A
Vote weight 10000 for Gauge B
Vote weight 10000 for Gauge C

Impact

This vulnerability allows Vote amplification by assigning maximum weight to multiple gauges, plus every user will be chosing the proper weight to maximize his voting power

Tools Used

Manual Review

Recommendations

Use the `LastVoteTime` and calculate the weight for each user in the contract

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

GaugeController::vote lacks total weight tracking, allowing users to allocate 100% of voting power to multiple gauges simultaneously

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

GaugeController::vote lacks total weight tracking, allowing users to allocate 100% of voting power to multiple gauges simultaneously

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.