lacoop6tu
commented
2 years ago This is an expected behaviour, if a user delegated, he has to increase the unlock time in order to undelegate or re-delegate
Closed code423n4 closed 2 years ago
lacoop6tu
commented
2 years ago This is an expected behaviour, if a user delegated, he has to increase the unlock time in order to undelegate or re-delegate
Lines of code
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L493-L523
Vulnerability details
Impact
The delegator's lock expiration can be set to be longer than the delegatee's.
Proof of Concept
From the documentation, it is imperative that te delegatee's lock expiration needs to be longer than the delegator as described here : https://code4rena.com/contests/2022-08-fiat-dao-vefdt-contest#:~:text=the%20delegatee%27s%20lock%20expiration%20needs%20to%20be%20longer%20than%20the%20delegator%27s. However, users are allowed to increase their
_unlockTimevia theincreaseUnlockTime ()function here https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L493-L523From the
increaseUnlockTime ()function as shown above, increase in unlockTime does not check to ensure that the new set lock is not greater than thedelegatee'slock as envision in the documentation as shown below before settinglocked[msg.sender] = locked_;Tools Used
Recommended Mitigation Steps
increase in unlockTime should check to ensure that the new set lock is not greater than the
delegatee'sbefore settinglocked[msg.sender] = locked_;