Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Boost delegation to same address cannot be repeated again.

Summary

Contract - BoostController.sol

  1. There is a function removeBoostDelegation(), which is used to remove the boost delegation from a user.

  2. After removal of the delegation, if the user wishes to delegate again to the same address, he won't be able to do that.

  3. Because of the following check:

     if (delegation.amount > 0) revert BoostAlreadyDelegated();

  4. This problem arises because in removeBoostDelegation(), delegation.amount is not reset to 0.

BoostController.sol::delegateBoost() ->

function delegateBoost(
    address to,
    uint256 amount,
    uint256 duration
) external override nonReentrant {
    if (paused()) revert EmergencyPaused();
    if (to == address(0)) revert InvalidPool();
    if (amount == 0) revert InvalidBoostAmount();
    if (duration < MIN_DELEGATION_DURATION || duration > MAX_DELEGATION_DURATION)
        revert InvalidDelegationDuration();

    uint256 userBalance = IERC20(address(veToken)).balanceOf(msg.sender);
    if (userBalance < amount) revert InsufficientVeBalance();

    UserBoost storage delegation = userBoosts[msg.sender][to];
    // @-> the check this finding is about
    if (delegation.amount > 0) revert BoostAlreadyDelegated();

    delegation.amount = amount;
    delegation.expiry = block.timestamp + duration;
    delegation.delegatedTo = to;
    delegation.lastUpdateTime = block.timestamp;

    emit BoostDelegated(msg.sender, to, amount, duration);
}

BoostController.sol::removeBoostDelegation() ->

function removeBoostDelegation(address from) external override nonReentrant {
    UserBoost storage delegation = userBoosts[from][msg.sender];
    if (delegation.delegatedTo != msg.sender) revert DelegationNotFound();
    if (delegation.expiry > block.timestamp) revert InvalidDelegationDuration();

    PoolBoost storage poolBoost = poolBoosts[msg.sender];
    if (poolBoost.totalBoost >= delegation.amount) {
        poolBoost.totalBoost -= delegation.amount;
    }
    if (poolBoost.workingSupply >= delegation.amount) {
        poolBoost.workingSupply -= delegation.amount;
    }
    poolBoost.lastUpdateTime = block.timestamp;

    emit DelegationRemoved(from, msg.sender, delegation.amount);
    delete userBoosts[from][msg.sender];
}

As we can see, inside removeBoostDelegation the delegation.amount is not reset to 0.

Vulnerability Details

Same as above.

Impact

The user will never be able to delegate his boost to the same address twice, hence breaking the code functionality.

Tools Used

Manual

Recommendations

In removeBoostDelegation(), set delegation.amount = 0.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController::delegateBoost prevents multiple delegations to the same address due to absolute delegation check, restricting users from efficiently managing partial delegations over time
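
The slot lifecycle of the two functions quoted in the submission, modelled in Python as an added example (not the project's code and not part of the submission). It keeps only the amount, slot and expiry checks; the pause, zero-address, duration-bound and veToken balance checks and the pool accounting are left out, and `alice`, `pool`, `WEEK` and the starting timestamp are constructed values.

```python
from dataclasses import dataclass, field

WEEK = 7 * 24 * 3600  # constructed duration; the page does not give the MIN/MAX bounds


class Revert(Exception):
    """Stands in for a Solidity custom-error revert."""


@dataclass
class BoostModel:
    now: int = 1_000                           # constructed block.timestamp
    slots: dict = field(default_factory=dict)  # (from, to) -> (amount, expiry)

    def delegate_boost(self, sender, to, amount, duration):
        if amount == 0:
            raise Revert("InvalidBoostAmount")
        # Absolute check: any non-zero slot blocks the call, expired or not.
        if self.slots.get((sender, to), (0, 0))[0] > 0:
            raise Revert("BoostAlreadyDelegated")
        self.slots[(sender, to)] = (amount, self.now + duration)

    def remove_boost_delegation(self, sender, from_):
        # Looked up as userBoosts[from][msg.sender]: only the recipient's call matches.
        slot = self.slots.get((from_, sender))
        if slot is None:
            raise Revert("DelegationNotFound")
        if slot[1] > self.now:
            raise Revert("InvalidDelegationDuration")
        del self.slots[(from_, sender)]        # Solidity `delete` zeroes every struct field


def attempt(fn, *args):
    """Return "ok" or the name of the error the call reverted with."""
    try:
        fn(*args)
        return "ok"
    except Revert as err:
        return str(err)


def walkthrough():
    m, out = BoostModel(), []
    out.append(attempt(m.delegate_boost, "alice", "pool", 100, WEEK))  # first delegation
    out.append(attempt(m.delegate_boost, "alice", "pool", 50, WEEK))   # top-up while active
    out.append(attempt(m.remove_boost_delegation, "alice", "alice"))   # delegator tries to clear
    out.append(attempt(m.remove_boost_delegation, "pool", "alice"))    # recipient, before expiry
    m.now += WEEK + 1                                                   # delegation has expired
    out.append(attempt(m.delegate_boost, "alice", "pool", 50, WEEK))   # expired, not yet removed
    out.append(attempt(m.remove_boost_delegation, "pool", "alice"))    # recipient, after expiry
    out.append(attempt(m.delegate_boost, "alice", "pool", 50, WEEK))   # slot is empty again
    return out
```

`walkthrough()` returns the outcome of each call in order, so the points at which `BoostAlreadyDelegated` fires can be read off directly.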

