Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

No Mechanism to Update or Extend Delegation

maglov

Summary

Once a delegation is created, users cannot update or extend it without first revoking it. This reduces flexibility and usability.

Vulnerability Details

The delegateBoost function does not allow users to modify an existing delegation.
If a user wants to change the amount or duration of their delegation, they must first revoke the existing delegation and create a new one.
This process is inefficient and could lead to gaps in delegation if not handled properly.

Impact

Reduced Flexibility: Users cannot update or extend their delegation without revoking it first.
User Frustration: Users may feel locked into their initial delegation, reducing engagement in the governance process.
Inefficient Governance: Users may need to revoke and recreate delegations frequently, wasting gas and time.

PoC

A user delegates 100 boost to another address for 30 days.
After 15 days, the user wants to extend the delegation to 60 days.
The user must first revoke the existing delegation and then create a new one.
During this process, the delegation is temporarily inactive, potentially affecting governance outcomes.

Tools Used

Manual Review

Recommendations

Add functionality to update or extend an existing delegation:

function updateDelegation(

address to,

uint256 amount,

uint256 duration

) external nonReentrant {

if (paused()) revert EmergencyPaused();

if (to == address(0)) revert InvalidDelegateAddress();

if (amount == 0) revert InvalidBoostAmount();

if (duration < MIN_DELEGATION_DURATION || duration > MAX_DELEGATION_DURATION)

revert InvalidDelegationDuration();

UserBoost storage delegation = userBoosts[msg.sender][to];

if (delegation.amount == 0) revert NoDelegationFound();

uint256 availableBoost = getAvailableBoost(msg.sender);

if (amount > availableBoost + delegation.amount) revert InsufficientBoost();

delegation.amount = amount;

delegation.expiry = block.timestamp + duration;

delegation.lastUpdateTime = block.timestamp;

emit DelegationUpdated(msg.sender, to, amount, duration);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.