veRWA - Naubit's results

Incentivization Primitive for Real World Assets on Canto

General Information

Platform: Code4rena

Start Date: 07/08/2023

Pot Size: $36,500 USDC

Total HM: 11

Participants: 125

Period: 3 days

Judge: alcueca

Total Solo HM: 4

Id: 274

League: ETH

Canto

Researcher Performance

Rank: 110/125

Findings: 1

Award: $4.23

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2023-08-verwa/blob/498a3004d577c8c5d0c71bff99ea3a7907b5ec23/src/GaugeController.sol#L210
https://github.com/code-423n4/2023-08-verwa/blob/498a3004d577c8c5d0c71bff99ea3a7907b5ec23/src/GaugeController.sol#L212

Vulnerability details

Impact

An invalid value is not being ignored but accepted even if the natspec states it should be ignored.

Proof of Concept

In the GaugeController.sol contract there is a function called vote_for_gauge_weights. The natspec of that function states that the _user_weight var value is ignored if 0 (so the function should revert) (https://github.com/code-423n4/2023-08-verwa/blob/498a3004d577c8c5d0c71bff99ea3a7907b5ec23/src/GaugeController.sol#L210C16-L210C28).

But in the require used to check exactly that condition, it is allowing the 0 value:

require(_user_weight >= 0 && _user_weight <= 10_000, "Invalid user weight");

That makes invalid the instructions from the natspec and could potentially create unexpected issues and other issues since everyone will be expecting to not have a 0 value in the _user_weight var.

Tools Used

Manual review.

Replace the code with:

+ require(_user_weight > 0 && _user_weight <= 10_000, "Invalid user weight");
- require(_user_weight >= 0 && _user_weight <= 10_000, "Invalid user weight");
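
Review bot: The added line makes a _user_weight of 0 revert with "Invalid user weight", which is stricter than the natspec wording this report cites ("ignored if 0"). Ignoring a value and rejecting it are different behaviours, so confirm that no caller legitimately passes 0 before tightening the bound, or correct the natspec instead. If _user_weight is an unsigned integer, the ">= 0" half of the removed condition is always true and can be dropped whichever way this is resolved. The hunk also lists the added line before the removed one; the conventional order is the "-" line first, then the "+" line.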

Assessed type

Invalid Validation

#0 - c4-pre-sort

2023-08-13T07:15:37Z

141345 marked the issue as duplicate of #94

#1 - c4-judge

2023-08-24T06:21:26Z

alcueca changed the severity to QA (Quality Assurance)

#2 - c4-judge

2023-08-24T06:24:02Z

alcueca marked the issue as grade-b

#3 - alcueca

2023-08-24T06:25:02Z

Without proof that the function should actually revert, it is clear that this is a natspec error. No proof either that natspec can induce incidents of Medium or High severity.

#4 - c4-judge

2023-08-24T06:27:34Z

This previously downgraded issue has been upgraded by alcueca

#5 - c4-judge

2023-08-24T06:28:02Z

alcueca changed the severity to QA (Quality Assurance)
