Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Inconsistent Voting Power Calculation in BoostController’s Vote Function

Summary

The BoostController contract incorrectly computes a user’s voting power in its vote function by using the raw token balance (balanceOf) rather than the time‐weighted voting power provided by getVotingPower. This leads to an inaccurate representation of a user’s effective voting power.

Vulnerability Details

In the vote function, the contract determines a user’s voting power with the following line:

uint256 votingPower = veRAACToken.balanceOf(msg.sender);

However, the veRAACToken contract implements a time‐weighted voting power mechanism where the voting power decays over time based on the lock duration. The proper approach is to use the getVotingPower method (e.g., veRAACToken.getVotingPower(msg.sender, block.timestamp)), which takes into account both the amount locked and the remaining lock duration. By using balanceOf, the contract may overestimate the user’s current voting power, leading to gauge weight votes that do not accurately reflect the decaying nature of voting power.

Impact

  • Distorted Voting Influence: Users might be able to vote with an inflated voting power, potentially skewing gauge weight distribution.

  • Inaccurate Reward Allocation: As gauge weights determine emission rates and reward distribution, the miscalculation could lead to unfair or unintended reward allocations.

Tools Used

  • Manual Code Review

Recommended Mitigation

Update the vote function in the BoostController contract to compute voting power using the correct method. Replace the line:

uint256 votingPower = veRAACToken.balanceOf(msg.sender);

with:

uint256 votingPower = veRAACToken.getVotingPower(msg.sender, block.timestamp);
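
The difference between the two lookups, as an added example that is not the RAAC code or part of the original submission. It assumes a linearly decaying vote-escrow model; MockVeToken, GaugeVoteSketch, MAX_LOCK and both vote functions are hypothetical names, and only balanceOf and getVotingPower(account, timestamp) come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration. Assumption: linear decay over the lock period.
// MockVeToken and GaugeVoteSketch are hypothetical, not the RAAC contracts.
contract MockVeToken {
    struct Lock { uint256 amount; uint256 end; }
    uint256 public constant MAX_LOCK = 1460 days; // assumed maximum lock duration
    mapping(address => Lock) public locks;
    mapping(address => uint256) public balanceOf; // fixed at lock time, never decays

    function lock(uint256 amount, uint256 duration) external {
        require(amount > 0 && duration > 0 && duration <= MAX_LOCK, "bad lock");
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
        balanceOf[msg.sender] = (amount * duration) / MAX_LOCK;
    }

    // Time-weighted power: falls linearly to zero as the lock approaches its end.
    function getVotingPower(address account, uint256 timestamp) public view returns (uint256) {
        Lock memory l = locks[account];
        if (timestamp >= l.end) return 0;
        return (l.amount * (l.end - timestamp)) / MAX_LOCK;
    }
}

contract GaugeVoteSketch {
    MockVeToken public immutable veToken;
    mapping(address => uint256) public gaugeWeight;

    constructor(MockVeToken _veToken) { veToken = _veToken; }

    // Pattern from the finding: the raw balance ignores elapsed lock time.
    function voteWithBalance(address gauge, uint256 bps) external {
        require(bps <= 10_000, "bps too high");
        uint256 votingPower = veToken.balanceOf(msg.sender);
        gaugeWeight[gauge] += (votingPower * bps) / 10_000;
    }

    // Recommended pattern: read the decayed power at the current block time.
    function voteWithDecay(address gauge, uint256 bps) external {
        require(bps <= 10_000, "bps too high");
        uint256 votingPower = veToken.getVotingPower(msg.sender, block.timestamp);
        require(votingPower > 0, "no voting power");
        gaugeWeight[gauge] += (votingPower * bps) / 10_000;
    }
}
```

In this model, once a lock has run for half its duration, voteWithDecay adds about half of what voteWithBalance adds for the same bps, and after expiry voteWithBalance still accepts the vote while voteWithDecay reverts.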

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BaseGauge::_applyBoost, GaugeController::vote, BoostController::calculateBoost use balanceOf() instead of getVotingPower() for vote-escrow tokens, negating time-decay mechanism
