Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Wrong minBoost in BaseGauge

Summary

In the BaseGauge contract, the minBoost parameter is incorrectly initialized to 1e18 in the constructor. The correct value should be 10000. This issue affects the applyBoost functionality, as the calculateBoost function will always return 1e18. Additionally, the minBoost value cannot be updated via setBoostParameters because only the controller can call this function, and the controller does not expose this functionality.


Vulnerability Details

The minBoost parameter is set to 1e18 in the constructor, which is inconsistent with the expected value of 10000. This discrepancy causes the calculateBoost function to return 1e18 by default, as the minBoost value is used in its calculations. Since 1e18 is significantly larger than the intended 10000, the boost mechanism will not function correctly.

Furthermore, the setBoostParameters function, which could be used to update the minBoost value, is restricted to the controller role. However, the controller does not provide a function to call setBoostParameters, making it impossible to update the minBoost value after deployment.


Impact

The incorrect initialization of minBoost has the following consequences:

  • Incorrect Boost Calculations: The calculateBoost function will return 1e18 instead of the expected 10000, leading to improper boost calculations.

  • Protocol Malfunction: The boost mechanism will not function as intended, potentially affecting user rewards and incentives.

  • Lack of Updatability: The inability to update the minBoost value through the controller exacerbates the issue, as the protocol cannot be corrected without manual intervention.


Tools Used

Manual review


Recommendations

To resolve this issue, take the following steps:

  1. Correct the Initialization of minBoost:
    Update the minBoost initialization in the BaseGauge constructor to the correct value of 10000. This ensures that the boost mechanism functions as intended from the moment the contract is deployed.

    constructor(
        address _rewardToken,
        address _stakingToken,
        address _controller,
        uint256 _maxEmission,
        uint256 _periodDuration
    ) {
        rewardToken = IERC20(_rewardToken);
        stakingToken = IERC20(_stakingToken);
        controller = _controller;
        // Initialize roles
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(CONTROLLER_ROLE, _controller);
        // Initialize boost parameters
        boostState.maxBoost = 25000; // 2.5x
        boostState.minBoost = 10000; // Corrected value
    }

  2. Expose setBoostParameters in the Controller:
    Ensure that the GaugeController contract includes a function to call setBoostParameters in the BaseGauge contract. This allows authorized parties to update the boost parameters when necessary.

    For example, add the following function to the GaugeController:

    function setGaugeBoostParameters(
        address gaugeAddress,
        uint256 maxBoost,
        uint256 minBoost
    ) external onlyGaugeAdmin {
        require(gaugeAddress != address(0), "Invalid gauge address");
        BaseGauge(gaugeAddress).setBoostParameters(maxBoost, minBoost);
    }
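
Both recommendations depend on the boost parameters staying on one scale, so a range check at every write is a useful complement. The sketch below is an added example, not code from the audited repository: BoostParamsGuard, MAX_BOOST_CAP, scaleByBoost and the single controller address (standing in for CONTROLLER_ROLE) are hypothetical, and it assumes boosts are basis-point multipliers where 10000 is 1x, as the "2.5x" comment on 25000 suggests.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration; not the project's BaseGauge.
/// Assumption: boosts are basis-point multipliers (10000 = 1x, 25000 = 2.5x).
contract BoostParamsGuard {
    uint256 public constant BPS = 10_000;            // 1x
    uint256 public constant MAX_BOOST_CAP = 100_000; // hypothetical 10x ceiling

    address public immutable controller; // stand-in for CONTROLLER_ROLE
    uint256 public maxBoost;
    uint256 public minBoost;

    error NotController();
    error InvalidBoostRange(uint256 minBoost, uint256 maxBoost);
    error BoostOutOfRange(uint256 boostBps);

    event BoostParametersSet(uint256 maxBoost, uint256 minBoost);

    constructor(address _controller, uint256 _maxBoost, uint256 _minBoost) {
        controller = _controller;
        _setBoost(_maxBoost, _minBoost); // same check at deployment and on update
    }

    function setBoostParameters(uint256 _maxBoost, uint256 _minBoost) external {
        if (msg.sender != controller) revert NotController();
        _setBoost(_maxBoost, _minBoost);
    }

    function _setBoost(uint256 _maxBoost, uint256 _minBoost) private {
        // Enforce BPS <= minBoost <= maxBoost <= MAX_BOOST_CAP.
        // The pair (25000, 1e18) fails here because minBoost exceeds maxBoost.
        if (_minBoost < BPS || _minBoost > _maxBoost || _maxBoost > MAX_BOOST_CAP) {
            revert InvalidBoostRange(_minBoost, _maxBoost);
        }
        maxBoost = _maxBoost;
        minBoost = _minBoost;
        emit BoostParametersSet(_maxBoost, _minBoost);
    }

    /// Scales an amount by a boost within the stored range; 10000 leaves it unchanged.
    function scaleByBoost(uint256 amount, uint256 boostBps) external view returns (uint256) {
        if (boostBps < minBoost || boostBps > maxBoost) revert BoostOutOfRange(boostBps);
        return (amount * boostBps) / BPS;
    }
}
```

With this check in the constructor, a deployment that passes 1e18 as minBoost alongside a maxBoost of 25000 reverts instead of shipping a gauge whose parameters are on two different scales.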

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

boostState.minBoost is set to 1e18
