Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

veRAACToken Snapshot Missing in Gauge Voting

johny7173

Summary

The vote function in GaugeController.sol determines a user's voting power based on their current veRAACToken balance. This design allows users to acquire veRAACToken at any time and immediately influence gauge weights, which can lead to manipulation and unfair voting power distribution.

Vulnerability Details

The vote function retrieves the voting power of the caller using veRAACToken.balanceOf(msg.sender). This means users can lock tokens right before voting and gain immediate influence over gauge weights. This is problematic because it enables last block strategic voting, which can distort the gauge weighting system and disrupt long-term incentive structures.

A more robust implementation would record users' voting power at predefined timestamps, such as every one or two weeks. This would ensure that voting power reflects long-term commitment rather than temporary token acquisitions.

Relevant code in GaugeController.sol:

function vote(address gauge, uint256 weight) external override whenNotPaused {

if (!isGauge(gauge)) revert GaugeNotFound();

if (weight > WEIGHT_PRECISION) revert InvalidWeight();

uint256 votingPower = veRAACToken.balanceOf(msg.sender); // Uses current balance

if (votingPower == 0) revert NoVotingPower();

uint256 oldWeight = userGaugeVotes[msg.sender][gauge];

userGaugeVotes[msg.sender][gauge] = weight;

_updateGaugeWeight(gauge, oldWeight, weight, votingPower);

emit WeightUpdated(gauge, oldWeight, weight);

}

This logic allows users to obtain veRAACToken just before voting, which is not ideal for a fair voting system.

Impact

Vote Manipulation: Users can acquire veRAACToken any time to influence gauge weights.
Unfair Weight Distribution: Long-term holders may be disadvantaged compared to those who time their purchases strategically.
Protocol Integrity Risks: Short-term manipulation can lead to imbalanced emissions and unfair gauge weight allocations.

Tools Used

Manual code review

Recommended Mitigation

Modify the voting system to consider veRAACToken balances at predefined snapshots rather than the current balance at the time of voting. One approach is to store historical balances at fixed intervals (e.g., weekly) and use those values to determine voting power.

For example:

Implement a checkpointing system where balances are recorded at specific timestamps.
Require users to use their veRAACToken balance from a previous snapshot when casting votes.

This approach ensures that gauge voting power is fairly distributed based on long-term holdings rather than short-term token acquisitions.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BaseGauge::_applyBoost, GaugeController::vote, BoostController::calculateBoost use balanceOf() instead of getVotingPower() for vote-escrow tokens, negating time-decay mechanism

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.