Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Delegator Cannot Revoke Boost Delegation Before Expiry

Description

The removeBoostDelegation function only allows the delegatee to revoke a delegation, preventing the delegator from reclaiming their boost before expiry. If the delegatee becomes inactive or malicious, the delegator has no control over their allocated boost. This reduces flexibility and may lead to unintended lock-in.

Note that even the delegateBoost() function itself cannot override a previous delegation: if the delegator tries to delegate a zero amount to the previous delegatee, the call reverts because of this check:

// https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/governance/boost/BoostController.sol#L226-L227
function delegateBoost(/* args */) {
    // ...
    UserBoost storage delegation = userBoosts[msg.sender][to];
    // Reverts whenever a delegation to `to` already exists, so it cannot be overwritten.
    if (delegation.amount > 0) revert BoostAlreadyDelegated();
    // ...
}
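
A simplified model of the access-control gap described above, with a delegator-side revoke shown next to the delegatee-only removal. This is an added example, not code from the RAAC repository or the submission; the contract name, the `expiry` field, the function parameters, and every error and event other than `BoostAlreadyDelegated` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative model only; not the RAAC BoostController.
contract BoostDelegationModel {
    struct UserBoost {
        uint256 amount;
        uint256 expiry; // assumed field
    }

    // delegator => delegatee => delegation
    mapping(address => mapping(address => UserBoost)) public userBoosts;

    error BoostAlreadyDelegated();
    error DelegationNotFound(); // assumed error name
    event DelegationRevoked(address indexed from, address indexed to, uint256 amount); // assumed

    function delegateBoost(address to, uint256 amount, uint256 duration) external {
        UserBoost storage delegation = userBoosts[msg.sender][to];
        // Same check as the excerpt: an existing entry cannot be overwritten,
        // so calling again with amount 0 does not clear it.
        if (delegation.amount > 0) revert BoostAlreadyDelegated();
        delegation.amount = amount;
        delegation.expiry = block.timestamp + duration;
    }

    // Behaviour the finding describes: the entry is looked up as
    // (from, msg.sender), so only the delegatee can reach it.
    function removeBoostDelegation(address from) external {
        UserBoost storage delegation = userBoosts[from][msg.sender];
        if (delegation.amount == 0) revert DelegationNotFound();
        delete userBoosts[from][msg.sender];
    }

    // Delegator-side revoke: the entry is looked up as (msg.sender, to),
    // so the caller can only clear delegations they created themselves.
    function revokeDelegation(address to) external {
        uint256 amount = userBoosts[msg.sender][to].amount;
        if (amount == 0) revert DelegationNotFound();
        delete userBoosts[msg.sender][to];
        emit DelegationRevoked(msg.sender, to, amount);
    }
}
```

In this model, once a delegator calls `delegateBoost`, neither a second `delegateBoost` nor `removeBoostDelegation` from the delegator's address can clear the entry; only `revokeDelegation` can.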

Recommendation

+ function revokeDelegation(address _to) public {
+ delete userBoosts[msg.sender][to];
+ }
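
Review bot: the parameter is declared as `_to` but the body deletes `userBoosts[msg.sender][to]`, so the function does not compile as written; use one name in both places. The delete is also unconditional: revert when `userBoosts[msg.sender][_to].amount` is zero so a no-op call is distinguishable from a real revocation, and emit an event so the revocation is observable off-chain. `public` can be `external`, since nothing in the hunk calls the function internally.
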
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController: Users unable to remove their own expired boost delegations, creating dependency on recipients and preventing efficient reallocation of boosts
