Missing Delegation Support in veRAACToken Governance System
Summary
The veRAACToken contract lacks essential delegation functionality that is crucial for modern DeFi governance systems. This omission prevents token holders from delegating their voting power and limits participation options for smart contract wallets, potentially impacting governance efficiency and participation rates.
Vulnerability Details
The veRAACToken contract is missing critical delegation components:
There is no delegation state tracking:
In a nutshell, veRAACToken doesn't support for EIP-5805 "Voting with delegation"
We can see the reference to this implementation in the OpenZeppelin Governor and Votescontracts:
Impact
Reduced governance participation as token holders cannot delegate their voting power to active community members
Smart contract wallets are limited in their governance participation options due to missing
delegateBySigHigher difficulty in reaching quorum for governance decisions due to requiring direct participation from all voters
Tools Used
Manual Review
Recommendations
The OpenZeppelin Votes.sol implementation provides a complete reference for proper delegation support. Consider using it integrated with the Governor.sol to fully support delegation/delegationBySig.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.