wrong earned logic in `BaseGauge`
Summary
In the BaseGauge contract, users can stake tokens and receive rewards. However, the reward calculation is based on voting power in the VACCToken, rather than the actual amount of tokens staked in the gauge. This removes the incentive to stake tokens, as rewards are not tied to the user's staked balance.
Relevant Code
Vulnerability Details**
1. Misaligned Incentive Mechanism
The rewards are not calculated based on
_balances[msg.sender](staked tokens) but instead on the voting power inVACCToken.This means a user who stakes more tokens does not necessarily earn more rewards.
A user with high voting power but no staked may will receive more rewards than someone with a large stake but no voting power.
2. Discourages Staking
Since staking does not directly affect rewards, users may avoid staking in the gauge altogether.
Impact
Reduced Participation: Users are less likely to stake if rewards are not tied to their staked amount.
Unfair Reward Distribution: A user with no stake but high voting power may earn disproportionate rewards.
Tools Used
Manual Review
Recommendations
Decide how you want to give rewards, based on voting power or staking, and remove the unnecessary logic.
Lead Judging Commences
BaseGauge::earned calculates rewards using getUserWeight instead of staked balances, potentially allowing users to claim rewards by gaining weight without proper reward checkpoint updates
BaseGauge::earned calculates rewards using getUserWeight instead of staked balances, potentially allowing users to claim rewards by gaining weight without proper reward checkpoint updates
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.