Missing Update of Delegated Boost in `delegateBoost` Function
Summary
The delegateBoost function in BoostController.sol fails to properly update the mapping tracking delegated boosts in the totalBoost of the pool and the user’s boost struct, resulting in an inaccurate calculation of the pool’s boost and incorrect return values from the getPoolBoost function.
Vulnerability Details
In the delegateBoost function, when a user delegates their boost to another address, the mapping userBoosts[msg.sender][to] is updated, but the corresponding poolBoosts[pool].totalBoost and other related members are not adjusted. This results in the pool's boost being inaccurate, causing the function getPoolBoost to return incorrect values related to the pool's total and working boost.
Impact
This issue can lead to incorrect calculations for pool boost values, impacting the entire protocol's boost system. A pool's actual boost may not match the expected total, potentially affecting users' rewards, incentives, or decision making when interacting with pools.
Tools Used
Manual code review
Recommended Mitigation
In the delegateBoost function, ensure that the pool's total boost and other relevant parameters (workingSupply, lastUpdateTime) are updated appropriately whenever a boost is delegated. This can be done by adding logic to adjust the poolBoost.totalBoost and related values in sync with the boost delegation to maintain the correct boost state for pools.
Lead Judging Commences
BoostController removes pool boost on delegation removal without adding it on delegation creation, leading to accounting inconsistencies and potential underflows
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.