search

sherlock-audit / 2024-06-velocimeter-judging

11 stars 7 forks source link

dev0cloo - Claimable rewards are permanently locked in Voter.sol when `killGaugeTotally()` is called #683

Closed sherlock-admin4 closed 3 months ago

sherlock-admin4 commented 4 months ago

dev0cloo

High

Claimable rewards are permanently locked in Voter.sol when killGaugeTotally() is called

Summary

When a gauge is killed, its associated claimable rewards are permanently lost.

Vulnerability Detail

The Voter.sol contract manages the gauge of a given Pool and is responsible for pausing, restarting and killing gauges. When a gauge is killed, the claimable[_gauge] key value is deleted and because each pool is indexed and has it's rewards distributed based on the pool's weight; rewards meant for the pool with the killed gauge will be permanently stuck in the Voter contract.

function killGaugeTotally(address _gauge) external {
      //function logic

        delete isGauge[_gauge];
        delete claimable[_gauge];
        delete supplyIndex[_gauge];
        delete gauges[_pool];
        try IPair(_pool).setHasGauge(false) {} catch {}

     // more function logic
    }

Impact

Permanent freezing of accumulated rewards for the pool.

Code Snippet

https://github.com/sherlock-audit/2024-06-velocimeter/blob/main/v4-contracts/contracts/Voter.sol#L421

Tool used

Manual Review

Recommendation

When a gauge is deactivated, the unclaimed rewards associated with it should be addressed. One option is to return these rewards to the Minter contract or a designated recovery contract. Additionally, given that votes cast for a deactivated gauge remain active, it might be prudent to clear these votes to prevent further reward accumulation. This prevents resources from being allocated to a non-functional gauge.

Duplicate of #107