Whenever the vote power of delegators is changed, the validity of self-delegation of the delegator is not checked, which results in issues in multiple parts of the protocol.
delegate: The function allows stakers to change their delegation, including self-delegation, without restrictions. This can lead to increased gas costs, frequent checkpoint updates
_delegate: This internal function adjusts the voting power of delegates whenever a delegator changes their delegation. Frequent self-delegation changes can cause multiple issues.
The _withdrawFor function attempts to subtract the delegated balance from zero, which can cause the transaction to revert if the balance does not align correctly due to previous manipulations.
The _stakeFor function allows malicious stakers to repeatedly stake tokens and modify delegation and withdrawal processes. This repeated staking, combined with resetting and reassigning delegations, can lead to an accumulation of voting power beyond what would be normally permitted.
Proof of Concept: Here's a scenario demonstrating the issues caused by frequent self-delegation:
1. Staker delegates to Bob.
2. Bob resets self-delegation.
3. The staker stakes the token.
4. The staker changes the delegation to another party.
5. Repeat steps 1-4 to observe increased gas costs, checkpoint updates, and event emission overhead.
Tools used: Manual, Foundry
In the _delegate function, implement validation to check if the delegator has self-delegation enabled at the time of the function call.