This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

bughuntoor - Users can front-run calls to change_gauge_weight in order to acquire more weight for their gauge #16

Closed
sherlock-admin2 opened this issue Nov 29, 2023 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin2

sherlock-admin2 commented Nov 29, 2023

bughuntoor

medium

Users can front-run calls to change_gauge_weight in order to acquire more weight for their gauge

Summary

Users can gain extra weight for their gauge by front-running change_gauge_weight

Vulnerability Detail

It can be expected that in some cases calls will be made to change_gauge_weight to increase or decrease a gauge's weight. The problem is that users can be monitoring the mempool expecting such calls. Upon seeing one, anyone who has voted for said gauge can simply remove their vote prior to change_gauge_weight. Once it executes, they can vote again for their gauge, increasing its weight beyond what was expected:
Example:

  1. Gauge has 1 user who has voted and contributed for 10_000 weight
  2. They see an admin calling change_gauge_weight with value 15_000.
  3. User front-runs it and removes all their weight. Gauge weight is now 0.
  4. Admin function executes. Gauge weight is now 15_000.
  5. User votes once again for the gauge for the same initial 10_000 weight. Gauge weight is now 25_000.

Gauge weight was supposed to be changed from 10_000 to 15_000, but due to the user front-running, gauge weight is now 25_000.

Impact

Accruing extra voting power

Code Snippet

https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Locking/GaugeController.vy#L569

Tool used

Manual Review

Recommendation

Instead of having a set function, use increase/decrease methods.

Duplicate of #122
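An added illustration, not code from the Convergence repository or from the reporter: a toy weight ledger that replays the five steps above under both an absolute "set" admin call and the recommended relative increase/decrease, so the effect of the recommendation can be checked directly. Class and method names (`GaugeModel`, `admin_set`, `admin_adjust`, `replay`) are assumptions for the model and do not mirror the GaugeController.vy API.

```python
class GaugeModel:
    """Toy gauge-weight ledger (assumed model, not GaugeController.vy)."""

    def __init__(self, weight=0):
        self.weight = weight
        self.votes = {}  # user -> weight the user currently contributes

    def vote(self, user, amount):
        # Re-voting replaces the user's previous contribution.
        self.weight -= self.votes.get(user, 0)
        self.votes[user] = amount
        self.weight += amount

    def remove_vote(self, user):
        self.vote(user, 0)

    def admin_set(self, new_weight):
        # Absolute setter: the shape the report describes as front-runnable.
        self.weight = new_weight

    def admin_adjust(self, delta):
        # Relative adjustment: the shape the recommendation asks for.
        self.weight += delta


def replay(front_run, use_delta):
    """Run the report's scenario and return the final gauge weight.

    front_run: the voter pulls their 10_000 vote before the admin call
               and re-votes the same 10_000 afterwards (steps 3 and 5).
    use_delta: the admin applies +5_000 instead of setting 15_000.
    """
    g = GaugeModel()
    g.vote("alice", 10_000)          # step 1: gauge weight 10_000
    if front_run:
        g.remove_vote("alice")       # step 3: gauge weight 0
    if use_delta:
        g.admin_adjust(15_000 - 10_000)
    else:
        g.admin_set(15_000)          # step 4
    if front_run:
        g.vote("alice", 10_000)      # step 5
    return g.weight


if __name__ == "__main__":
    for fr in (False, True):
        for delta in (False, True):
            print(f"front_run={fr} use_delta={delta} -> {replay(fr, delta)}")
```

With the absolute setter the reordered sequence ends at 25_000 while the intended outcome is 15_000; with the relative adjustment both orderings end at 15_000, because the admin's delta and the voter's contribution commute.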

@github-actions github-actions bot closed this as completed Dec 2, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 2, 2023
@sherlock-admin2 sherlock-admin2 changed the title Spare Leather Puma - Users can front-run calls to change_gauge_weight in order to acquire more weight for their gauge bughuntoor - Users can front-run calls to change_gauge_weight in order to acquire more weight for their gauge Dec 24, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Dec 24, 2023
@Czar102 Czar102 removed the Medium A valid Medium severity issue label Jan 13, 2024
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue labels Jan 13, 2024
@sherlock-admin2 sherlock-admin2 removed the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jan 14, 2024