Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Unsupported Pools Delegation

ChainDefenders

Summary

In the BoostController.sol contract the delegateBoost function lacks a check for supportedPools[to], which can lead to incorrect and unusable boosts.

Vulnerability Details

The vulnerability arises from the absence of a check to verify if the recipient pool (to) is a supported pool in the delegateBoost function. Without this check, boosts can be delegated to unsupported pools, resulting in incorrect and unusable boosts. This can cause the protocol to allocate boosts to pools that do not recognize or utilize them, leading to inefficiencies and potential errors in the boost system.

Impact

By allowing boosts to be delegated to unsupported pools, the protocol may allocate resources inefficiently, leading to incorrect boost calculations and unusable boosts. This can affect the fairness and accuracy of the boost system, undermining user trust and the integrity of the protocol. Users may experience unexpected behavior and discrepancies in their boost allocations.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, add a check to verify if the recipient pool (to) is a supported pool in the delegateBoost function. Here is an example of how to implement this:

function delegateBoost(

address to,

uint256 amount,

uint256 duration

) external override nonReentrant {

if (paused()) revert EmergencyPaused();

if (to == address(0)) revert InvalidPool();

if (amount == 0) revert InvalidBoostAmount();

if (duration < MIN_DELEGATION_DURATION || duration > MAX_DELEGATION_DURATION)

revert InvalidDelegationDuration();

if (!supportedPools[to]) revert PoolNotSupported(); // Check for supported pool

uint256 userBalance = IERC20(address(veToken)).balanceOf(msg.sender);

if (userBalance < amount) revert InsufficientVeBalance();

UserBoost storage delegation = userBoosts[msg.sender][to];

if (delegation.amount > 0) revert BoostAlreadyDelegated();

delegation.amount = amount;

delegation.expiry = block.timestamp + duration;

delegation.delegatedTo = to;

delegation.lastUpdateTime = block.timestamp;

// Update pool boost totals

PoolBoost storage poolBoost = poolBoosts[to];

poolBoost.totalBoost += amount;

poolBoost.workingSupply += amount;

poolBoost.lastUpdateTime = block.timestamp;

emit BoostDelegated(msg.sender, to, amount, duration);

emit PoolBoostUpdated(to, poolBoost.totalBoost, poolBoost.workingSupply);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BoostController::delegateBoost lacks supported pool validation, allowing delegation to arbitrary addresses

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BoostController::delegateBoost lacks supported pool validation, allowing delegation to arbitrary addresses

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!