Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

`removeBoostDelegation` Restricts Removal to Delegatee, Preventing Expired Delegation Cleanup

pelz

Summary

The removeBoostDelegation function restricts delegation removal to the delegatee (msg.sender), which can become problematic if the delegatee refuses to remove themselves. As a result, expired delegations may persist indefinitely, causing state bloat and incorrect boost calculations.

Vulnerability Details

Currently, the function checks:

if (delegation.delegatedTo != msg.sender) revert DelegationNotFound();

This ensures that only the delegatee can remove the delegation. However, if the delegatee is uncooperative or malicious, the expired delegation remains in storage even after delegation.expiry has passed.

Impact

  • Incorrect Reward Calculations: Boost metrics may be skewed, potentially affecting fair reward distributions.

  • Loss of Control: Users lose control over their delegations if the delegatee is unresponsive.

Tools Used

Manual code review and state flow analysis.

Recommendations

Allow anyone to remove an expired delegation, ensuring proper cleanup and consistent state.

Suggested Fix

Replace:

if (delegation.delegatedTo != msg.sender) revert DelegationNotFound();

With:

if (delegation.expiry > block.timestamp) revert InvalidDelegationDuration();

This change:

  • Permits anyone to remove delegations only after expiry, preventing abuse.

  • Ensures timely cleanup of expired delegations.

  • Restores user autonomy over their delegations.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController: Users unable to remove their own expired boost delegations, creating dependency on recipients and preventing efficient reallocation of boosts

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.