Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Lack of Expiry Validation in Boost Delegation Getters

Summary

The BoostController contract implements boost delegation with an expiry mechanism; however, the current getter functions do not validate whether a delegated boost has expired. This omission may cause stale or incorrect boost values to be reported, leading to potential misinterpretation of a user's effective boost.

Vulnerability Details

When a boost is delegated, an expiry timestamp is stored and later verified only in the boost removal function. The design allows the recipient to remove the delegation after expiry, but during the period after expiry and before removal, the delegation data remains unchanged in storage. Functions such as getWorkingBalance retrieve boost data directly from storage (i.e. userBoosts[user][pool]) without checking if the boost has expired. As a result, even after a boost delegation has expired, these getters may continue to report the stale boost amount, potentially misleading downstream processes or user interfaces that rely on this data. Since only the recipient can remove a boost after expiry—and doing so might reduce their effective boost—the recipient might be incentivized to leave an expired delegation active. This behavior further exacerbates the risk of relying on outdated boost values for reward calculations or governance decisions.

    function getWorkingBalance(
        address user,
        address pool
    ) external view override returns (uint256) {
        if (!supportedPools[pool]) revert PoolNotSupported();
        UserBoost storage userBoost = userBoosts[user][pool];
        return userBoost.amount;
    }

    function getUserBoost(
        address user,
        address pool
    ) external view returns (
        uint256 amount,
        uint256 expiry,
        address delegatedTo,
        uint256 lastUpdateTime
    ) {
        UserBoost storage boost = userBoosts[user][pool];
        return (
            boost.amount,
            boost.expiry,
            boost.delegatedTo,
            boost.lastUpdateTime
        );
    }

Impact

  • Misleading Data Representation:
    User interfaces and off-chain tools that use these getter functions could display inaccurate boost values, misrepresenting a user's actual rewards or governance power. For other parts of the protocol that may rely on these getters to compute rewards or adjust voting power, the use of stale boost data may result in over- or under-compensation, thereby affecting the fairness and economic incentives of the system.

Tools Used

Manual Review

Recommendations

  • Implement Expiry Checks in Getters:
    Modify the getter functions (e.g., getWorkingBalance, getUserBoost) to validate the expiry of a boost delegation. For example, they should return a zero boost or indicate an expired state if the current timestamp exceeds the stored expiry timestamp.

  • Automatic Purge or Update of Expired Delegations:
    Consider adding functionality that automatically clears or updates expired boost delegations during read operations or via a scheduled maintenance function. This will ensure that stale data does not persist in the contract’s state.

  • Review Delegation Removal Incentives:
    Revisit the design where only the recipient can remove expired delegations. This could be restructured so that either any party can trigger the removal of an expired boost or that the system automatically invalidates expired entries without leaving it to the recipient’s discretion.
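
A sketch of the first recommendation, added here as an example and not taken from the project's BoostController. The contract name, the `_isExpired` helper, the `seed` setter and the extra `expired` return value are hypothetical. It assumes a stored expiry of 0 means no expiry was set, which the finding does not state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not the project's BoostController: only the storage
// fields and getters quoted in the finding are modeled.
contract BoostGetterSketch {
    struct UserBoost {
        uint256 amount;
        uint256 expiry;
        address delegatedTo;
        uint256 lastUpdateTime;
    }

    error PoolNotSupported();
    mapping(address => bool) public supportedPools;
    mapping(address => mapping(address => UserBoost)) internal userBoosts;

    // Hypothetical, unrestricted test-only setter so the sketch can be exercised.
    function seed(address user, address pool, uint256 amount, uint256 expiry, address to) external {
        supportedPools[pool] = true;
        userBoosts[user][pool] = UserBoost(amount, expiry, to, block.timestamp);
    }

    // Hypothetical helper. Assumption: expiry == 0 means no expiry was set.
    function _isExpired(UserBoost storage b) internal view returns (bool) {
        return b.expiry != 0 && block.timestamp > b.expiry;
    }

    // Reports zero once the stored expiry has passed, even if the record was never removed.
    function getWorkingBalance(address user, address pool) external view returns (uint256) {
        if (!supportedPools[pool]) revert PoolNotSupported();
        UserBoost storage userBoost = userBoosts[user][pool];
        return _isExpired(userBoost) ? 0 : userBoost.amount;
    }

    // Returns the stored fields, with amount zeroed when expired, plus an explicit flag.
    function getUserBoost(address user, address pool)
        external
        view
        returns (uint256 amount, uint256 expiry, address delegatedTo, uint256 lastUpdateTime, bool expired)
    {
        UserBoost storage boost = userBoosts[user][pool];
        expired = _isExpired(boost);
        amount = expired ? 0 : boost.amount;
        expiry = boost.expiry;
        delegatedTo = boost.delegatedTo;
        lastUpdateTime = boost.lastUpdateTime;
    }
}
```

Adding a return value to `getUserBoost` changes its ABI, so any existing callers that decode four values would need to be updated alongside it.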

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BoostController getter functions return stale delegation information without validating expiry, potentially misleading users and external systems about active boost values
