Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: high
Valid

Attacker can keep delegating his boost to others

Vulnerability Details

In BoostController::delegateBoost we are not checking if user has already delegated boost and an attacker can exploit this Vulnerability by keep delegating his boost powers to others.

Impact

An attacker can delegate his boost unlimited times.

Tools Used

Manual Review

Recommendations

Implement a check in BoostController::delegateBoost to see if a user has already delegated his boost.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController::delegateBoost lacks total delegation tracking, allowing users to delegate the same veTokens multiple times to different pools for amplified influence and rewards

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.