Open c4-bot-1 opened 3 weeks ago
Thank you for your submission.
Similar to #16
Still needs some specific conditions, although this is technically a valid submission
Thank you for your participation
alcueca marked the issue as satisfactory
alcueca marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2024-09-fenix-finance/blob/main/contracts/core/VoterUpgradeableV2.sol#L250-L256
Vulnerability details
Impact
This vulnerability could allow revived gauges to claim more rewards than intended under specific circumstances, potentially leading to unfair distribution of rewards.
Description
The reviveGauge function fails to update the gauge's index to the current global index when reviving a previously killed gauge. While this issue is mitigated in most scenarios by the distributeAll function, which updates all gauges' indices to the global index on each epoch, a vulnerability still exists under specific conditions.
Relevant code snippet:
The vulnerability arises in scenarios where:
distributeAll cannot update all gauges in a single transaction.
distribute function for a killed gauge.
In this specific scenario, a revived gauge could retain an outdated index, leading to incorrect reward calculations.
Example scenario
Epoch x:
Epoch x+1:
distributeAll fails to update all gauges due to gas limitations
Epoch x+2:
When claiming rewards:
Gauge A claims excess rewards for the period it was killed. This discrepancy, while rare, could lead to unfair reward distribution for all gauges.
Rationale on severity
High impact - Leads to loss of funds of other gauges.
Low likelihood - Only happens in specific circumstances.
Hence, Medium severity.
Proof-of-Concept
The following test tries to demonstrate the described scenario, where GaugeA is killed and, due to specific circumstances, doesn't get updated before being revived.
Steps
reviveGaugeBug.ts in test/core/VoterV2/
npx hardhat test test/core/VoterV2/reviveGaugeBug.ts --grep "reviveGaugeDoesNotUpdateToGlobalIndex" --trace
Recommended Mitigations
Assessed type
Context
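The stale-index accounting described in this report can be reproduced in a small model. This is an added illustration, not code from the submission or from the Fenix contracts: VoterModel, its method bodies, the syncOnRevive switch and the weights and amounts are all assumptions chosen to mirror the report's epoch x / x+1 / x+2 scenario.

```typescript
// Simplified model of index-based gauge rewards (constructed; not the Fenix code).
type Gauge = { weight: number; supplyIndex: number; alive: boolean };
class VoterModel {
  index = 0; // global reward-per-weight index (real contracts use fixed-point)
  totalWeight: number;
  syncOnRevive: boolean;
  gauges: Record<string, Gauge> = {};
  constructor(totalWeight: number, syncOnRevive: boolean) {
    this.totalWeight = totalWeight;
    this.syncOnRevive = syncOnRevive;
  }
  addGauge(name: string, weight: number): void {
    this.gauges[name] = { weight, supplyIndex: this.index, alive: true };
  }
  notifyReward(amount: number): void {
    this.index += amount / this.totalWeight;
  }
  // Pay weight * (global index - gauge index), then sync the gauge index.
  distribute(name: string): number {
    const g = this.gauges[name];
    const delta = this.index - g.supplyIndex;
    g.supplyIndex = this.index;
    return g.alive ? g.weight * delta : 0; // a killed gauge is paid nothing
  }
  killGauge(name: string): void {
    this.gauges[name].alive = false;
  }
  reviveGauge(name: string): void {
    const g = this.gauges[name];
    g.alive = true;
    if (this.syncOnRevive) g.supplyIndex = this.index; // hardened variant
  }
}

// Constructed scenario: 100 tokens per epoch, gauges A and B with weight 50 each.
function runScenario(syncOnRevive: boolean): { paidToA: number; paidToB: number } {
  const v = new VoterModel(100, syncOnRevive);
  v.addGauge("A", 50);
  v.addGauge("B", 50);
  v.notifyReward(100); // epoch x: both gauges updated, then A is killed
  v.distribute("A");
  v.distribute("B");
  v.killGauge("A");
  v.notifyReward(100); // epoch x+1: only B is updated, A keeps its old index
  v.distribute("B");
  v.reviveGauge("A"); // epoch x+2: A revived, then rewards notified
  v.notifyReward(100);
  return { paidToA: v.distribute("A"), paidToB: v.distribute("B") };
}
```

With syncOnRevive set to false, gauge A is paid for epoch x+1 as well as x+2, so the two gauges together receive more than the 100 notified for the epoch; setting the gauge index to the global index on revive removes the excess.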