Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Total Boost And Working Supply Not Updated

Summary

In the BoostController.sol contract, the delegateBoost function does not update totalBoost and workingSupply for the pool (to), leading to incorrect boost calculations.

Vulnerability Details

The vulnerability arises from the delegateBoost function, which delegates boost from one user to another without updating the totalBoost and workingSupply for the recipient pool. This omission can lead to incorrect boost calculations, as the pool's total boost and working supply are not accurately reflected after the delegation.

Impact

By not updating the totalBoost and workingSupply for the recipient pool, the protocol will calculate incorrect boost values for users and pools when a boost is removed through removeBoostDelegation. This can result in users receiving higher or lower boosts than intended, affecting the fairness and accuracy of the boost system. Over time, this can undermine user trust and the integrity of the protocol.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, update the delegateBoost function to include the necessary updates to totalBoost and workingSupply for the recipient pool. Here is an example of how to implement this:

    function delegateBoost(
        address to,
        uint256 amount,
        uint256 duration
    ) external override nonReentrant {
        if (paused()) revert EmergencyPaused();
        if (to == address(0)) revert InvalidPool();
        if (amount == 0) revert InvalidBoostAmount();
        if (duration < MIN_DELEGATION_DURATION || duration > MAX_DELEGATION_DURATION)
            revert InvalidDelegationDuration();
        if (!supportedPools[to]) revert PoolNotSupported();

        uint256 userBalance = IERC20(address(veToken)).balanceOf(msg.sender);
        if (userBalance < amount) revert InsufficientVeBalance();

        UserBoost storage delegation = userBoosts[msg.sender][to];
        if (delegation.amount > 0) revert BoostAlreadyDelegated();

        delegation.amount = amount;
        delegation.expiry = block.timestamp + duration;
        delegation.delegatedTo = to;
        delegation.lastUpdateTime = block.timestamp;

        // Update pool boost totals
        PoolBoost storage poolBoost = poolBoosts[to];
        poolBoost.totalBoost += amount;
        poolBoost.workingSupply += amount;
        poolBoost.lastUpdateTime = block.timestamp;

        emit BoostDelegated(msg.sender, to, amount, duration);
        emit PoolBoostUpdated(to, poolBoost.totalBoost, poolBoost.workingSupply);
    }
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController removes pool boost on delegation removal without adding it on delegation creation, leading to accounting inconsistencies and potential underflows
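The accounting mismatch described in the submission and in the finding tag above, as an added JavaScript model (not code from the submission or from the RAAC contracts). It checks the invariant that a pool's totalBoost equals its other boost plus the sum of live delegations, with delegateBoost in both its reported and its recommended form. Assumptions: removeBoostDelegation subtracts the delegated amount from the pool totals, as the finding tag describes; the single-pool layout, `directBoost`, the `NoDelegation` error name and the sample amounts are constructed for illustration.

```javascript
// Added model, not RAAC code. BigInt stands in for uint256 with Solidity 0.8
// checked arithmetic. Assumption: removeBoostDelegation subtracts the delegated
// amount from the pool totals, as the judge's finding tag describes.
class BoostModel {
  constructor(addOnDelegate, directBoost) {
    this.addOnDelegate = addOnDelegate; // false = reported behaviour, true = recommended fix
    this.direct = directBoost;          // constructed: pool boost from non-delegation sources
    this.pool = { totalBoost: directBoost, workingSupply: directBoost };
    this.delegations = new Map();       // delegator -> amount (single pool for brevity)
  }
  delegateBoost(user, amount) {
    if (amount === 0n) throw new Error("InvalidBoostAmount");
    if (this.delegations.has(user)) throw new Error("BoostAlreadyDelegated");
    this.delegations.set(user, amount);
    if (this.addOnDelegate) {           // the update the recommendation adds
      this.pool.totalBoost += amount;
      this.pool.workingSupply += amount;
    }
  }
  removeBoostDelegation(user) {
    const amount = this.delegations.get(user);
    if (amount === undefined) throw new Error("NoDelegation"); // hypothetical error name
    if (this.pool.totalBoost < amount || this.pool.workingSupply < amount)
      throw new Error("underflow");     // a checked subtraction would revert here
    this.pool.totalBoost -= amount;
    this.pool.workingSupply -= amount;
    this.delegations.delete(user);
  }
  // Invariant: totalBoost == direct boost + sum of live delegations.
  invariantHolds() {
    let expected = this.direct;
    for (const amount of this.delegations.values()) expected += amount;
    return this.pool.totalBoost === expected;
  }
}

// Delegate 100, then remove it, recording the invariant after each step.
function scenario(addOnDelegate, directBoost) {
  const m = new BoostModel(addOnDelegate, directBoost);
  m.delegateBoost("alice", 100n);
  const afterDelegate = m.invariantHolds();
  let removeResult = "removed";
  try { m.removeBoostDelegation("alice"); } catch (e) { removeResult = e.message; }
  return { afterDelegate, removeResult, totalBoost: m.pool.totalBoost, afterRemove: m.invariantHolds() };
}

console.log(scenario(false, 500n), scenario(false, 0n), scenario(true, 500n));
```

In the model, a pool that already holds 500 of boost ends at 400 after one delegate and remove cycle when delegation does not add to the totals, and an empty pool hits the underflow path instead; with the added update the totals return to their starting value.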
