In BoostController::delegateBoost
we are not checking if user has already delegated boost and an attacker can exploit this Vulnerability by keep delegating his boost powers to others.
An attacker can delegate his boost unlimited times.
Manual Review
Implement a check in BoostController::delegateBoost
to see if a user has already delegated his boost.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.