Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrectly calculates the boostMultiplier() in BoosterController.sol

Summary

The function getBoostMultiplier calculates the current boost multiplier for a user in a pool. However, the calculation is incorrect, leading to inaccurate results.

Vulnerability Details

    function getBoostMultiplier(
        address user,
        address pool
    ) external view override returns (uint256) {
        if (!supportedPools[pool]) revert PoolNotSupported();
        UserBoost storage userBoost = userBoosts[user][pool];
        if (userBoost.amount == 0) return MIN_BOOST;
        // @audit incorrect baseAmount
        uint256 baseAmount = userBoost.amount * 10000 / MAX_BOOST;
        return userBoost.amount * 10000 / baseAmount;
    }

Issue: Incorrect Denominator

The function currently calculates baseAmount as:

    baseAmount = userBoost.amount * 10000 / MAX_BOOST;

The final return statement then divides by baseAmount:

    return userBoost.amount * 10000 / baseAmount;

The denominator should always be MAX_BOOST, not baseAmount.

Impact

Incorrect boost calculation, incorrect boost multipliers.

Users may get higher or lower rewards than expected.

Tools Used

Manual review

Recommendations

Replace:

    return userBoost.amount * 10000 / baseAmount;

With:

    return userBoost.amount * 10000 / MAX_BOOST;

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController::getBoostMultiplier always returns MAX_BOOST for any non-zero boost due to mathematical calculation error, defeating the incentive mechanism
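
The behaviour named in the finding tag above can be reproduced with a small model of the function's integer arithmetic. This is an added example, not code from the submission or the project; the MIN_BOOST and MAX_BOOST values are assumptions (the page does not state them) and the sample amounts are constructed.

```javascript
// Added model of getBoostMultiplier's integer arithmetic; not the project's code.
// ASSUMPTION: the page does not state these constants; values are illustrative.
const MIN_BOOST = 10000n; // assumed 1x in basis points
const MAX_BOOST = 25000n; // assumed 2.5x in basis points

// Mirrors the Solidity body line by line. BigInt division truncates like
// uint256 division; a zero divisor is surfaced as a revert.
function getBoostMultiplier(amount) {
  if (amount === 0n) return MIN_BOOST;
  const baseAmount = (amount * 10000n) / MAX_BOOST;
  if (baseAmount === 0n) throw new Error("revert: division by zero");
  return (amount * 10000n) / baseAmount;
}

// Classify the outcome for each boost amount. Truncating baseAmount can only
// push the final quotient up, so a result is either MAX_BOOST or above it.
function sweep(amounts) {
  return amounts.map((amount) => {
    try {
      const multiplier = getBoostMultiplier(amount);
      const verdict = multiplier === MAX_BOOST
        ? "equals MAX_BOOST"
        : "exceeds MAX_BOOST (truncation)";
      return { amount, multiplier, verdict };
    } catch (err) {
      return { amount, multiplier: null, verdict: err.message };
    }
  });
}

// Regression property for a test suite: a working multiplier depends on the
// amount, so realistic amounts should not all map to a single value.
function distinctMultipliers(amounts) {
  return new Set(amounts.map((a) => getBoostMultiplier(a).toString())).size;
}

// Constructed sample inputs: dust amounts, then 18-decimal token amounts.
const DUST = [1n, 2n, 3n, 4n, 5n];
const REALISTIC = [10n ** 18n, 5n * 10n ** 18n, 10n ** 24n];

for (const row of sweep([...DUST, ...REALISTIC])) {
  console.log(`${row.amount} -> ${row.multiplier} (${row.verdict})`);
}
console.log("distinct multipliers:", distinctMultipliers(REALISTIC));
```

Under these assumed constants every realistic amount yields MAX_BOOST, while dust amounts either revert on a zero baseAmount or overshoot MAX_BOOST because of truncation.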
