# 30959 - \[SC - Insight] Immutable gauges can break the state of the vot... Submitted on May 9th 2024 at 06:48:38 UTC by @infosec\_us\_team for [Boost | Alchemix](https://immunefi.com/bounty/alchemix-boost/) Report ID: #30959 Report type: Smart Contract Report severity: Insight Target: Impacts: * Smart contract unable to operate due to lack of token funds ## Description ## Vulnerability Details **Gauges** are smart contracts accounting for rewards and passing them through to the pools. **Pools** are 3rd-party code subject to updates. If any function deprecates, smart contracts interacting with these pools must be able to update their code accordingly. The **GaugeFactory** creates **Gauges**. There are 2 types of Gauges so far, and the source code of the implementations is hardcoded in the **GaugeFactory**. There is no way to update the implementation of a Gauge if required, nor to add new **Gauges** types with other implementations. The **Voter** smart contract creates gauges by interacting with the **GaugeFactory**. Unfortunately, the current implementation of the **Voter** smart contract receives the address of this immutable **GaugeFactory** on deployment, and there is no way to update it. Even though the role "`emergencyCouncil`" in the **Voter** can deactivate a gauge by calling `Voter.killGauge(address _gauge)`, newly created gauges will still use the same implementation. Therefore the ability to kill gauges only solves half of the problem. Alchemix must be able to deploy a new **GaugeFactory** and make the **Voter** smart contract use the latest factory, to fix problems/emergencies that can only be solved by updating a gauge's source code or adding a new type of gauge. At the time of writing, **the only way to react to bugs in a gauge is to deploy a completely new Voter and GaugeFactory, breaking the entire state of the voting system.** ## Recommendation Create a new function in the `Voter` smart contract allowing the *emergencyCouncil* to update the address of the *GaugeFactory*. Here's our recommended implementation to future-proof the Voter smart contract: ``` /// @notice A not immutable gauge factory contract address ("immutable" keyword removed) address public gaugefactory; // Event emitted when the gauge factory address is updated event GaugeFactoryUpdated(address indexed gauge); function updateGaugeFactory(address _gaugefactory) external { require(msg.sender == emergencyCouncil, "not emergency council"); gaugefactory = _gaugefactory; emit GaugeFactoryUpdated(_gaugefactory); } ``` ## About Severity Due to the catastrophic impact this issue may have, we consider the report to be of `Critical` severity. But because there is a prerequisite, we consider a fair severity to be `High`. ## Proof of Concept This specific report related to a business logic flag does not require an "executable proof of concept" to verify its validity. But following the terms of the Boost, here's a function that deploys the voter and explains with comments the consequences of using an immutable gauge when interacting with 3rd-party code (pools). ``` function testDeployVoter() public { // Deploying the Voter voter = new Voter(address(veALCX), address(gaugeFactory), address(bribeFactory), address(flux), address(alcx)); // 1- The implementation of the gauges can't be updated // 2- The factory itself can't be updated // 3- The Voter can't point to a new gauge factory // The only solution is to deploy a new Voter contract pointing to a new factory, // which breaks the accounting in the voting system. } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/alchemix/30959-sc-insight-immutable-gauges-can-break-the-state-of-the-vot....md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.