Reviving a gauge will lead to overdistribution of rewards

Github username: @deadrosesxyz Twitter username: @deadrosesxyz Submission hash (on-chain): 0xd3c3c88c5cb6a55fdf0ed49567f63c287f9f3a3da257529eda012a8ffbfd64c9 Severity: medium

Description: Description\ Reviving a gauge will lead to overdistribution of rewards

Attack Scenario\ Within the Voter contract, gauges get rewards based on their relative voted balance. In certain scenarios, the protocol can decide to kill a certain Gauge. By doing so, the gauge will lose their rewards.

    function killGauge(address _gauge) external Governance {
        require(isAlive[_gauge], "killed");
        isAlive[_gauge] = false;
        claimable[_gauge] = 0;

        uint _time = _epochTimestamp();
        totalWeightsPerEpoch[_time] -= weightsPerEpoch[_time][poolForGauge[_gauge]];

        emit GaugeKilled(_gauge);
    }

    function reviveGauge(address _gauge) external Governance {
        require(!isAlive[_gauge], "alive");
        require(isGauge[_gauge], "killed");
        isAlive[_gauge] = true;
        emit GaugeRevived(_gauge);
    }

However, there comes a problem if a gauge is killed and revived

As it can be seen, when the gauge is killed, totalWeightsPerEpoch is decreased. It is not increased back up when reviving the gauge. This would mean that after reviving the gauge, the sum of all gauge weights will be higher than the total weight for that said epoch.

Impact:

Overdistribution of rewards.
Last gauge to claim their rewards will not be able to do so as there will not be enough funds in the contract

Attachments

Proof of Concept (PoC) File
Revised Code File (Optional)

hats-finance / Fenix-Finance-0x83dbe5aa378f3ce160ed084daf85f621289fb92f

Reviving a gauge will lead to overdistribution of rewards #5