Incorrect Gauge Weight Emission in BoostController Vote Function
Summary
The BoostController contract’s vote function emits the WeightUpdated event using the user-provided weight instead of the actual gauge weight computed after the vote update. This discrepancy leads to inaccurate reporting of gauge weight changes.
Vulnerability Details
In the vote function, the contract captures the old user vote weight from userGaugeVotes and then updates it with the new user-specified weight:
Subsequently, it calls the internal function _updateGaugeWeight which recalculates the gauge's weight based on the user's voting power:
However, the event is emitted as follows:
This emission uses the raw input value weight (i.e. the new user vote weight) rather than the recalculated gauge weight (newGaugeWeight).
Impact
Off-chain systems and users relying on the WeightUpdated event for monitoring gauge weights may receive misleading data. Furthermore, inconsistent event data undermines transparency in gauge voting, potentially affecting the integrity of reward distribution and governance processes.
Tools Used
Manual Code Review
Recommended Mitigation
Modify the vote function to emit the actual updated gauge weight. For example, after calling _updateGaugeWeight, retrieve the new gauge weight from the contract’s storage and use it in the event emission:
Lead Judging Commences
WeightUpdated emits user's inputted weight instead of the new weight value as per IGaugeController
WeightUpdated emits user's inputted weight instead of the new weight value as per IGaugeController
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.