The `setInitialWeight` and `updatePeriod` functions are never called by the `GaugeController` contract
Summary
The BaseGauge contract manages periods using the setInitialWeight and updatePeriod functions, which can be called only by the controller. However, these functions are never called by the GaugeController contract.
Vulnerability Details
Regular updates occur through updatePeriod which uses:
Since:
the initial value is
0updatePerioduses the average of previous periodthere is no other way to set a non-zero value
setInitialWeightis never called by the controller
This means:
the system starts at
0calculates average of
0creates new period with that
0averagecontinues in a zero-value cycle
Impact
The TimeWeightedAverage periods in BaseGauge are not working as intended, leading to a broken cycle.
Recommendations
Ensure that the updatePeriod and setInitialWeight functions are called as intended.
Lead Judging Commences
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
Appeal created
`setWeeklyEmission`, `setBoostParameters`, `setEmission` and `setInitialWeight` cannot be called due to controller access control - not implemented in controller
GaugeController::updatePeriod doesn't call the gauge's updatePeriod function, preventing periodState.distributed from resetting and eventually causing distributeRewards to permanently fail
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.