Open hats-bug-reporter[bot] opened 8 months ago
I think this is invalid, as you only think that to replace a vote a new vote with userPower == 0
is needed. But the user, once the lock is expired, and the cooldown to vote for that gauge is through, the user can vote with a new userPower
(lower than the one there is to free a part of the votes if needed, and higher if the user has free voting power available too).
The internal calculations will account for the votes being expired, and now to 0, but in practice the usedPower is still 20%, simply 20% of 0 is 0.
@Kogaroshi , Thanks for your comment.
Let me try to break down the example.
User A
has 20%
free power
, while the remaining 80%
are blocked for their proxied voters
.
Proxied voters
are allowed for a long period.User A
casts 20%
to the Gauge G1
, which expires approximately one month later.
It is always possible to increase the lock time at any time.
The new expiry date is set to 6 months.User A
wants to cast all free votes to Gauge G2
.
At this point, usedFreePower
is still 20%
, and 80%
are reserved for proxied voters
.
To cast 20%
free votes
to G2
, User A
should clear the expired free votes
.
These 20%
free votes
have already expired and did not contribute to the weight of G1
.G1
with 0
free power
, effectively clearing the expired power
.
After that, User A
can cast free votes
to G2
.
(Of course, any of the proxied voters
can assist by casting some votes
, but this falls under outer functionality)User A
and proxied voters
, can cast votes to G1
for 10
days.If the user decides not to cast free votes
to G1
, does that mean that none of the proxied voters
will cast votes for 10
days?
I think the suggested solution is straightforward and easy to implement.
Further comments would be greatly appreciated.
The reason I said I thought it was invalid is because the scenario you described is normal. Even in the case no votes expire, the proxies can't vote on gauges the user voted for, which is indeed makes the flow for votes a bit harder to manage for the users and their proxie(s), but also required so the proxy system is not bypassed (by having the user remove proxy casted votes, or offering a possibility to override the cooldown that could then be used to bypass it when it should not be).
Using the suggested solution helps us avoid an undesired situation.
By clearing the expired free votes
instead of casting votes to G1
, we can freely utilize the cleared free power
for G2
, and proxied voters
can still vote for G1
as their choice.
I believe this can be marked as at least low priority, but I will respect your decision.
Thanks, @Kogaroshi
I understood the solution you proposed, but it also introduces a system where users make the lowest duration of locks, and use the new system for reset their votes for free, without any consideration for the cooldown, for them (or their proxie(s) to cast any desired votes without caring about the flow all other users that Lock long time and change their votes when they need go through. Imo that introduces an unfair system, that will also incentivize to make small duration locks rather than long term locks, which means create unfairness towards less-aligned users in the system, which does not make sense to us in the context of tokenomics.
What about this?
Of course, I also agree that we should not permit clearing previous free votes
before the cooldown time, even though those votes have already expired.
function clearExpiredUsedFreePower(address user, address gauge) external {
VotedSlope memory oldSlope = voteUserSlopes[user][gauge];
if (oldSlope.caller == user && oldSlope.end < block.timestamp && block.timestamp >= lastUserVote[user][gauge] + VOTE_COOLDOWN) {
usedFreePower[user] -= oldSlope.power;
delete voteUserSlopes[user][gauge];
}
}
Even for proxy votes, it stays the same flaw, as I can just proxy all my vote to my 2nd address for the whole duration of my small locks, and use that feature to bypass the cooldown.
Seems like I am misunderstanding your point.
Let me think more.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xbeb4a0ecba733f733ff048f2b43cb4c12355e39f4290a20399985fadc3c46e20 Severity: medium
Description: Description\ Some of the user's
votes
are forproxied voters
, while there are also availablefree votes
that the user can utilize. Allvotes
have expiration dates. If the user wishes to clear expiredfree votes
, there is a unique method to cast0 free votes
to that gauge. This affects future voting.Attack Scenario\ Suppose
User A
has20%
of theirvotes
asfree votes
, while the remaining80%
are forproxied voters
.User A
casts10%
of hisfree votes
toGauge G1
and another10%
toGauge G2
. Thesevotes
expire at the lock end time of this user.User A
may increaselock time
or lock new tokens after the expiry.free votes
have expired, theusedFreePower
ofUser A
remains at20%
. If theproxied votes
are allowed for a longer period,User A
may no longer be able to castfree votes
.free votes
forGauge G3
,User A
must clear the expiredfree votes
associated withG1
orG2
. The only way is to cast0 free votes
for thosegauges
.issue
is that this action is also considered asvotes
, and thelastUserVote
is updated accordingly. Consequently, users cannot castvote
s to thesegauge
s for10 days (VOTE_COOLDOWN)
.Revised Code File (Optional)
Add a function to clear expired
free votes
.