Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Incorrect Implementation of _getBaseWeight Function

Summary

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/gauges/BaseGauge.sol#L218

The _getBaseWeight function is intended to return a user-specific base weight for an account, which is then used in the _applyBoost function to calculate a boosted weight for reward distribution. However, the current implementation does not fulfill this purpose. Instead of returning a weight specific to the provided account, it retrieves the total gauge weight from the GaugeController contract using IGaugeController(controller).getGaugeWeight(address(this)).

This implementation flaw has the following implications:

  • All users receive the same base weight (the gauge's total weight) regardless of their individual staking or voting activity, undermining the intended reward distribution logic that should vary per user.

  • The subsequent boost calculation in _applyBoost applies a multiplier to an incorrect base value, leading to incorrect reward allocations.

Vulnerability Details

```solidity
// BaseGauge.sol (as audited): the `account` parameter is never read, so every
// caller receives the gauge's total weight from the controller.
function _getBaseWeight(address account) internal view virtual returns (uint256) {
    return IGaugeController(controller).getGaugeWeight(address(this));
}
```

The root cause is a logical error in the function’s implementation: it uses getGaugeWeight(address(this)) instead of accessing user-specific data, such as _balances[account] or a metric derived from the GaugeController or staking system tailored to the account.

Impact

  • Users who stake more tokens or hold more voting power do not receive proportionally higher rewards, breaking the economic incentive model of the gauge system.

  • The boost mechanism, intended to reward veRAACToken holders, becomes less meaningful as it amplifies an incorrect base value, potentially reducing participation in staking or voting.

Functional Impact

  • The reward calculation in earned (getUserWeight(account) * (getRewardPerToken() - userStates[account].rewardPerTokenPaid) / 1e18) relies on accurate user weights. With a uniform base weight, rewards do not reflect individual contributions, rendering the system ineffective.

  • The boost calculation in _applyBoost, which uses veRAACToken balances to incentivize locking tokens, multiplies a base weight that is not the user's own, so the boosted result misrepresents user influence.

Remediation

```solidity
// Return the account's own staked balance so that earned() and _applyBoost()
// operate on a per-user base weight.
function _getBaseWeight(address account) internal view virtual returns (uint256) {
    return _balances[account];
}
```

Because earned multiplies the current weight by the reward-per-token delta since the account's last checkpoint, every path that changes _balances[account] must first update the account's accrued rewards; otherwise the new weight is applied retroactively to rewards already accrued.
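The following Python model is an added example, not code from the RAAC contracts or from this submission. It reproduces the Synthetix-style accounting that earned() relies on (a rewardPerToken accumulator, a per-user rewardPerTokenPaid checkpoint) with the vulnerable and the remediated _getBaseWeight selectable, and runs two stakers through it. The value returned by IGaugeController.getGaugeWeight(address(this)), the basis-point shape of _applyBoost, and the absence of a user checkpoint when the controller changes a gauge's weight are assumptions made for the model, not behaviour verified against the repository.

```python
# Added example (not RAAC project code): integer model of BaseGauge's reward
# accounting with the reported _getBaseWeight bug and the proposed fix.
# Assumptions: getGaugeWeight(address(this)) is a controller-set constant;
# _applyBoost is a basis-point multiplier per account; a controller-side
# gauge-weight change reaches the gauge without checkpointing its users.
from dataclasses import dataclass, field

WAD = 10**18  # 1e18 fixed point, as in the contract's earned() division


@dataclass
class UserState:
    reward_per_token_paid: int = 0
    rewards: int = 0


@dataclass
class GaugeModel:
    use_fix: bool              # False: buggy _getBaseWeight; True: _balances[account]
    gauge_weight: int          # assumed result of IGaugeController.getGaugeWeight(address(this))
    reward_rate: int           # reward tokens emitted per second (WAD units)
    balances: dict = field(default_factory=dict)
    boosts_bps: dict = field(default_factory=dict)  # assumed _applyBoost shape, 10_000 = 1x
    users: dict = field(default_factory=dict)
    total_supply: int = 0
    reward_per_token_stored: int = 0
    last_update: int = 0
    now: int = 0

    def _state(self, account):
        return self.users.setdefault(account, UserState())

    def get_reward_per_token(self):
        if self.total_supply == 0:
            return self.reward_per_token_stored
        elapsed = self.now - self.last_update
        return self.reward_per_token_stored + elapsed * self.reward_rate * WAD // self.total_supply

    def _get_base_weight(self, account):
        if self.use_fix:
            return self.balances.get(account, 0)  # proposed remediation
        return self.gauge_weight                  # reported bug: `account` is ignored

    def _apply_boost(self, account, base):
        return base * self.boosts_bps.get(account, 10_000) // 10_000

    def get_user_weight(self, account):
        return self._apply_boost(account, self._get_base_weight(account))

    def earned(self, account):
        s = self._state(account)
        delta = self.get_reward_per_token() - s.reward_per_token_paid
        return s.rewards + self.get_user_weight(account) * delta // WAD

    def _update_reward(self, account):
        # Checkpoint: lock in accrued rewards before the account's weight changes.
        self.reward_per_token_stored = self.get_reward_per_token()
        self.last_update = self.now
        s = self._state(account)
        s.rewards = self.earned(account)
        s.reward_per_token_paid = self.reward_per_token_stored

    def stake(self, account, amount):
        self._update_reward(account)
        self.balances[account] = self.balances.get(account, 0) + amount
        self.total_supply += amount

    def set_gauge_weight(self, new_weight):
        # Assumption: the controller changes the gauge's weight with no user checkpoint.
        self.gauge_weight = new_weight

    def advance(self, seconds):
        self.now += seconds


def distribution(use_fix, bob_boost_bps=10_000):
    """Constructed scenario: Alice stakes 100, Bob 300; 400 reward tokens emitted over 400 s."""
    g = GaugeModel(use_fix=use_fix, gauge_weight=1_000 * WAD, reward_rate=WAD)
    g.stake("alice", 100 * WAD)
    g.stake("bob", 300 * WAD)
    g.boosts_bps["bob"] = bob_boost_bps
    g.advance(400)
    return {"alice": g.earned("alice"), "bob": g.earned("bob"), "emitted": 400 * WAD}


def retroactive_weight_change(use_fix):
    """Alice's accrued rewards before and after her weight changes, once 400 s have elapsed."""
    g = GaugeModel(use_fix=use_fix, gauge_weight=1_000 * WAD, reward_rate=WAD)
    g.stake("alice", 100 * WAD)
    g.stake("bob", 300 * WAD)
    g.advance(400)
    before = g.earned("alice")
    if use_fix:
        g.stake("alice", 100 * WAD)      # passes through the checkpoint in _update_reward
    else:
        g.set_gauge_weight(2_000 * WAD)  # weight doubles with no checkpoint
    return before, g.earned("alice")


if __name__ == "__main__":
    for fix in (False, True):
        print("fixed" if fix else "buggy", distribution(fix), retroactive_weight_change(fix))
```

With the fix, the two stakers earn 100 and 300 of the 400 tokens emitted, a 1.5x boost on Bob moves his share to 450, and a later stake by Alice leaves her already-accrued 100 untouched because stake() checkpoints first. With the bug, both stakers earn 1000 regardless of their 100 and 300 stakes, the two claims together exceed what was emitted, the boost scales the gauge total rather than Bob's stake, and a controller-side change of the gauge weight retroactively doubles Alice's accrued amount without any checkpoint, which is the failure mode the judge's finding tag describes.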
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BaseGauge::earned calculates rewards using getUserWeight instead of staked balances, potentially allowing users to claim rewards by gaining weight without proper reward checkpoint updates