The delegateBoost function doesn't work
Summary
The delegate boost doesn't work as intended. The method delegateBoost doesn't handle the fact that the second entry on the usersBoost double array is a pool adress.
Vulnerability Details
The vulnerability is located in the following line :
The variable modified is defined as such :
mapping(address => mapping(address => UserBoost)) private userBoosts; // user => pool => boost
Delegating to a wallet address will not work as no the userBoosts is intended to survey the delegations to a pool.
To delegate a boost to another user, this method will have to modify this variable : userBoosts[receiver][pood] instead of userBoost[msg.sender][receiver]
Impact
High Impact. There's a severe disruption of protocol functionality or availability.
High Likehood.
Tools Used
Manual Review
Recommendations
Replace:
UserBoost storage delegation = userBoosts[msg.sender][to];
By :
UserBoost storage delegation = userBoosts[to][targetedPool];
And introduce a variable to track all the delegations from an user.
Lead Judging Commences
BoostController's delegation system fundamentally broken due to missing pool associations, treating recipient addresses as pools and never properly updating pool boost metrics
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.