code-423n4 / 2022-05-aura-findings


Impossible Clearance of Delegate #231

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L464-L509

Vulnerability details

ALR-01M: Impossible Clearance of Delegate

| File | Lines | Type |
| --- | --- | --- |
| AuraLocker.sol | L464-L509 | Code Functionality |

Description

The delegate function disallows clearance of any existing delegation, thereby forcing the user to retain a delegate active beyond the first activation.

Impact

The user will be unable to "clear" their delegation in a straightforward manner if the original delegator is malicious. Additionally, any on-chain smart contract integrations will have to rely on a different address flag than address(0) to clear delegates, hampering integration.

Solution (Recommended Mitigation Steps)

We advise delegates to be properly clearable similarly to other governance implementations such as Compound. In case the address(0) needs to be retained as a special address, we advise an explicit function for clearing the delegate to be introduced or an alternative address to be used as a "clear-delegate" flag.

PoC

Issue is deducible by inspecting the relevant lines referenced in the issue and making note of the require check prohibiting the new delegate to be the zero-address.

Tools

Manual inspection of the codebase.

0xMaharishi commented 2 years ago

Users can simply delegate to themselves.

dmvt commented 2 years ago

I agree with the sponsor on this one. The user may not understand this flow, but the frontend can provide it easily. The required functionality exists, making this invalid.
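
The two ways of undoing a delegation discussed in this thread, as an added example that is not part of the thread and is not AuraLocker's code. It is a simplified model: the contract name, storage layout, `lock` helper, `clearDelegate` function and revert strings are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

/// Simplified delegation ledger (hypothetical model, not AuraLocker).
contract DelegationLedger {
    mapping(address => uint256) public balanceOf;  // locked balance per user
    mapping(address => address) public delegateOf; // address(0) = no delegate
    mapping(address => uint256) public votes;      // weight held per delegatee

    event DelegateChanged(address indexed user, address indexed from, address indexed to);

    /// Constructed helper so the model has weight to move around.
    function lock(uint256 amount) external {
        balanceOf[msg.sender] += amount;
        address current = delegateOf[msg.sender];
        if (current != address(0)) votes[current] += amount;
    }

    /// Models the restriction described in the report: the zero address is
    /// rejected, so delegate(address(0)) cannot be used to clear.
    /// The workaround from the thread is delegate(msg.sender), which moves
    /// the caller's weight from the previous delegatee back to the caller.
    function delegate(address newDelegatee) external {
        require(newDelegatee != address(0), "zero delegatee");
        _moveDelegation(msg.sender, newDelegatee);
    }

    /// The report's alternative: an explicit clear function, which keeps
    /// address(0) reserved as the "no delegate" state.
    function clearDelegate() external {
        require(delegateOf[msg.sender] != address(0), "no delegate set");
        _moveDelegation(msg.sender, address(0));
    }

    function _moveDelegation(address user, address to) internal {
        address from = delegateOf[user];
        require(from != to, "delegate unchanged");
        uint256 weight = balanceOf[user];
        if (from != address(0)) votes[from] -= weight; // revoke old delegatee
        if (to != address(0)) votes[to] += weight;     // credit new delegatee
        delegateOf[user] = to;
        emit DelegateChanged(user, from, to);
    }
}
```

In this model both paths remove the previous delegatee's weight; they differ only in the end state, with `delegateOf[user]` equal to the user after self-delegation and equal to `address(0)` after `clearDelegate`.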