The function getUserBoost in BoostController.sol does not verify whether the specified pool is supported before executing its logic. This oversight may lead to unintended behavior when interacting with unsupported pools.
In BoostController.sol#L304, the function getUserBoost lacks a check to ensure that the provided pool exists in the supportedPools mapping. As a result, calling getUserBoost with an unsupported pool address may cause unexpected results or inconsistencies in boost calculations.
Without verifying the pool's support status, users may attempt to retrieve boost values for non-existent or unauthorized pools. This can lead to incorrect data being used in calculations and may introduce security risks if certain operations depend on valid pool verification.
Manual code review.
To mitigate this issue, add a validation check at the beginning of the getUserBoost function to ensure that the specified pool is supported:
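The check can be sketched as follows. This is an added example, not the project's BoostController.sol: only getUserBoost and supportedPools are names from the finding, while the userBoosts layout, the PoolNotSupported error, the function signatures and the setPoolSupport helper are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative sketch only. Storage layout, error name and signatures are assumed.
contract BoostControllerSketch {
    error PoolNotSupported(); // assumed error name
    error NotManager();       // assumed error name

    address public immutable manager;

    // Name taken from the finding: pool address => supported flag.
    mapping(address => bool) public supportedPools;

    // Assumed layout: user => pool => boost amount.
    mapping(address => mapping(address => uint256)) private userBoosts;

    constructor() {
        manager = msg.sender;
    }

    // Hypothetical admin helper so the sketch is self-contained.
    function setPoolSupport(address pool, bool supported) external {
        if (msg.sender != manager) revert NotManager();
        supportedPools[pool] = supported;
    }

    // Unchecked form: in this sketch an unknown pool reads the mapping default (0),
    // and a pool whose support was revoked still returns whatever value was stored.
    // A caller cannot tell either case apart from a supported pool.
    function getUserBoostUnchecked(address user, address pool)
        external
        view
        returns (uint256)
    {
        return userBoosts[user][pool];
    }

    // Checked form: validate the pool first, then read.
    function getUserBoost(address user, address pool)
        external
        view
        returns (uint256)
    {
        if (!supportedPools[pool]) revert PoolNotSupported();
        return userBoosts[user][pool];
    }
}
```

Integrations that call the checked getter must handle the revert instead of treating a zero return as "no boost".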
This change prevents unauthorized or unsupported pools from being used in the function, ensuring that only valid pools are processed.