oslfmt
commented
2 years ago I'm not sure if I replicated your issue exactly, but I used the EthersTesting.js script you made, and ran the mintAndDelegate() function multiples times. Indeed, each time I ran it, I then checked getVotes() to get the voting power of an account, and it increased by one each time. After awhile, I realized the reason was because in addition to calling delegate(), the for loop also calls mint(), which is what gives the account extra voting power (which is then realized upon delegating).
If you only mint once, however, and call delegate() many times, then the voting power stays the same. I did a test and confirmed this. To extra confirm, if we peer into the code of the delegate() function, we can see that the contracts themselves prevent delegating to oneself multiple times and getting more voting power. In the call to _moveDelegateVotes(), oldDelegate and delegatee are the same, if the user is delegating to themselves multiple times. In _moveDelegateVotes() there is a check that from != to, and so if the user tries to do this, they will never be able to bypass this check. (there is another case if the user delegates to many different accounts they control. I've only skimmed how the contracts prevent this, so don't have a detailed answer, but don't think it'll work either).
So I think we can be somewhat assured a user can't just delegate themselves infinite voting power, the contracts ensure this. Regardless, once a user has delegated, it'd be a nice-to-have to remove the delegate button so they can't delegate again.
When testing out the delegate function in the EthersTesting.js file, I noticed that calling delegate() 5 times on a single address gave it 5 voting power for all the proposals. Since the contracts themselves don't seem to prevent infinite delegation, we'll need some way to ensure (with the delegate button) that a user can't just infinitely delegate votes for themselves.