Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

setBoostParameters() allows maxBoost to be set higher than MAX_BOOST

Description

setBoostParameters() allows the maxBoost config to exceed the MAX_BOOST value of 25000:

L39: /// @notice Maximum boost multiplier (2.5x) in basis points
L40: uint256 public constant MAX_BOOST = 25000;

and

File: contracts/core/governance/boost/BoostController.sol
369:     function setBoostParameters(
370:         uint256 maxBoost,
371:         uint256 minBoost,
372:         uint256 boostWindow
373:     ) external onlyRole(MANAGER_ROLE) {
374:         if (maxBoost < minBoost) revert InvalidBoostAmount();
375:@--->    if (maxBoost > 50000) revert MaxBoostExceeded(); // Max 5x absolute limit
376:         if (boostWindow < 1 days || boostWindow > 30 days) revert InvalidDelegationDuration();
377:
378:         boostState.maxBoost = maxBoost;
379:         boostState.minBoost = minBoost;
380:         boostState.boostWindow = boostWindow;
381:
382:         emit BoostParametersUpdated(maxBoost, minBoost, boostWindow);
383:     }

Similarly, there is no check whether minBoost being set is greater than MIN_BOOST or not.

Impact

A user may get a higher or lower boost, and hence reward, than the protocol intended.

Mitigation

Change L375 to: if (maxBoost > MAX_BOOST) revert MaxBoostExceeded(); Also add a MIN_BOOST check.
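
The mitigation above as a self-contained sketch with a boundary check (an added example, not the project's BoostController). MAX_BOOST and the error and event names come from the page; the MIN_BOOST value, the reading of the MIN_BOOST check as a floor, the manager stand-in for onlyRole(MANAGER_ROLE) and the BoostBoundaryCheck contract are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added sketch, not the project's BoostController.
contract BoostParamsSketch {
    uint256 public constant MAX_BOOST = 25000; // 2.5x in basis points, from the page
    uint256 public constant MIN_BOOST = 10000; // ASSUMED placeholder: value is not on the page

    struct BoostState { uint256 maxBoost; uint256 minBoost; uint256 boostWindow; }
    BoostState public boostState;
    address public immutable manager; // stand-in for onlyRole(MANAGER_ROLE)

    error NotManager();
    error InvalidBoostAmount();
    error MaxBoostExceeded();
    error InvalidDelegationDuration();
    event BoostParametersUpdated(uint256 maxBoost, uint256 minBoost, uint256 boostWindow);

    constructor() { manager = msg.sender; }

    function setBoostParameters(uint256 maxBoost, uint256 minBoost, uint256 boostWindow) external {
        if (msg.sender != manager) revert NotManager();
        if (maxBoost < minBoost) revert InvalidBoostAmount();
        // Bound by the declared constant instead of the literal 50000.
        if (maxBoost > MAX_BOOST) revert MaxBoostExceeded();
        // Floor check (assumed reading of "add MIN_BOOST check").
        if (minBoost < MIN_BOOST) revert InvalidBoostAmount();
        if (boostWindow < 1 days || boostWindow > 30 days) revert InvalidDelegationDuration();
        boostState = BoostState(maxBoost, minBoost, boostWindow);
        emit BoostParametersUpdated(maxBoost, minBoost, boostWindow);
    }
}

// Boundary check: the constant itself is accepted, one basis point above it is not.
contract BoostBoundaryCheck {
    function run() external returns (bool) {
        BoostParamsSketch c = new BoostParamsSketch(); // this contract becomes the manager
        c.setBoostParameters(c.MAX_BOOST(), c.MIN_BOOST(), 7 days);
        try c.setBoostParameters(c.MAX_BOOST() + 1, c.MIN_BOOST(), 7 days) {
            return false; // 25001 passed: the setter is still bounded by something looser
        } catch (bytes memory reason) {
            // Expect the specific custom error, not just any revert.
            return bytes4(reason) == BoostParamsSketch.MaxBoostExceeded.selector;
        }
    }
}
```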

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
