Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

When setting the boostParameters in BoostController.sol, maxBoost can be set to 5x, which is strongly forbidden; it may only go up to 2.5x

Summary

When setting the boostParameters in BoostController.sol, maxBoost can be set to 5x, which is strongly forbidden; it may only go up to 2.5x.

Vulnerability Details

All of the gauge controllers use a MAX_BOOST of 25 000, but in the BoostController this can be changed to 50 000.

As the protocol states, RAAC implements Curve-style boost mechanics, in which the maximum value of MAX_BOOST is 25 000.

    function setBoostParameters(uint256 maxBoost, uint256 minBoost, uint256 boostWindow)
        external
        onlyRole(MANAGER_ROLE)
    {
        if (maxBoost < minBoost) revert InvalidBoostAmount();
        if (maxBoost > 50000) revert MaxBoostExceeded(); // Max 5x absolute limit
        //@audit the max boost has to be 2.5x, not 5x
        if (boostWindow < 1 days || boostWindow > 30 days) revert InvalidDelegationDuration();
        boostState.maxBoost = maxBoost;
        boostState.minBoost = minBoost;
        boostState.boostWindow = boostWindow;
        emit BoostParametersUpdated(maxBoost, minBoost, boostWindow);
    }

Impact

Misbehaviour

Tools Used

Recommendations

Change the if check to:

    if (maxBoost > 25000) revert MaxBoostExceeded();

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
