Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Missing Minimum Delay Enforcement in the vote function (GaugeController.sol contract)

fiifihayford4

Summary:

While the contract defines a VOTE_DELAY constant (10 days) and tracks lastvoTeTime for users, it fails to enforce the delay between votes. The code does not check or update the lastVoteTime mapping during voting.

Vunearbility Details:

There's a VOTE_DELAY constant defined but not enforced in the vote function. Also the modifier isn't checking the lastVoteTime. The code in vote function doesn't check if the user has waited (VOTE_DELAY) since their last vote. Also there is no update in lastVoteTime mapping when during voting . Further more in the vote function, there's no check for lastVoteTime. The user can vote multiple times without waiting. But the comment says there's a required delay between votes. That's a discrepancy. The code doesn't enforce the VOTE_DELAY, which is a vulnerability. Users can vote multiple times in quick succession, potentially spamming or manipulating weights.

function vote(address gauge, uint256 weight) external override whenNotPaused {
//Existing checks (but no delay enforcement)
if (!isGauge(gauge)) revert GaugeNotFound();
if (weight > WEIGHT_PRECISION) revert InvalidWeight();
uint256 votingPower = veRAACToken.balanceOf(msg.sender);
if (votingPower == 0) revert NoVotingPower();
uint256 oldWeight = userGaugeVotes[msg.sender][gauge];
userGaugeVotes[msg.sender][gauge] = weight;
_updateGaugeWeight(gauge, oldWeight, weight, votingPower);
emit WeightUpdated(gauge, oldWeight, weight);
}

The fact that GaugeController.sol has a mapping lastVoteTime in it contract storage but doesn't use it in the vote function makes it a flaw in the contract logic.

mapping(address => uint256) public lastVoteTime;

Impact:

Attackers can spam votes to manipulate gauge weights, compromising the fairness of the governance system and centralize control by overriding others' votes before the delay period.

Tools Used: Manual review

Recommendations:

Add vote delay enforcement in the vote function.

function vote(address gauge, uint256 weight) external override whenNotPaused {
// Enforce vote delay
require(
block.timestamp >= lastVoteTime[msg.sender] + VOTE_DELAY,
"Vote delay not met"
);
lastVoteTime[msg.sender] = block.timestamp; // Update timestamp
// Existing checks
if (!isGauge(gauge)) revert GaugeNotFound();
if (weight > WEIGHT_PRECISION) revert InvalidWeight();
// ... rest of the code ...
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

GaugeController::vote never enforces VOTE_DELAY or updates lastVoteTime, allowing users to spam votes and manipulate gauge weights without waiting

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

GaugeController::vote never enforces VOTE_DELAY or updates lastVoteTime, allowing users to spam votes and manipulate gauge weights without waiting

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.