Users can increase their voting power in VotingEscrow.sol by locking funds, delegating funds, or extending the time that their funds are locked.
When a user delegates funds to another user and then extends the lock time by calling increaseUnlockTime, the voting power should increase, just as the first user's voting power increases in the same scenario when he or she has not delegated the funds.
However, this is not the case, as there are no operations that increase the power of the delegated user when increaseUnlockTime is called.
PoC / Attack Scenario
User Alice delegates 10 delegate value to User Bob.
User Alice calls increaseUnlockTime.
User Bob's voting power does not increase.
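The scenario above worked through in a simplified model. This is an added example, not the contract's code. It assumes Curve-style linear decay, where an account's power is the amount delegated to it multiplied by the time left on its own lock; `EscrowModel`, `MAXTIME` and the lock sizes are illustrative.

```python
# Simplified model (assumption): linear decay, where an account's voting
# power = delegated amount * seconds left on ITS OWN lock / MAXTIME.
from dataclasses import dataclass

WEEK = 7 * 86400
MAXTIME = 365 * 86400  # assumed maximum lock duration for this sketch

@dataclass
class Lock:
    amount: int = 0      # tokens the account itself locked
    end: int = 0         # unlock timestamp
    delegated: int = 0   # amount that counts toward this account's power
    delegatee: str = ""  # account currently receiving this lock's amount

class EscrowModel:
    def __init__(self):
        self.locks = {}

    def create_lock(self, user, amount, end):
        self.locks[user] = Lock(amount, end, amount, user)

    def delegate(self, user, to):
        src, dst = self.locks[user], self.locks[to]
        self.locks[src.delegatee].delegated -= src.amount
        dst.delegated += src.amount
        src.delegatee = to

    def increase_unlock_time(self, user, new_end):
        lock = self.locks[user]
        if new_end <= lock.end:
            raise ValueError("Only increase lock end")
        lock.end = new_end  # nothing is recomputed for lock.delegatee

    def power(self, user, now):
        lock = self.locks[user]
        return lock.delegated * max(lock.end - now, 0) // MAXTIME

def scenario(delegate_first):
    """Return (Alice, Bob) power before and after Alice extends her lock."""
    e, now = EscrowModel(), 0
    e.create_lock("alice", 10 * 10**18, 26 * WEEK)  # constructed sample values
    e.create_lock("bob", 10 * 10**18, 40 * WEEK)
    if delegate_first:
        e.delegate("alice", "bob")
    before = (e.power("alice", now), e.power("bob", now))
    e.increase_unlock_time("alice", 39 * WEEK)
    return before, (e.power("alice", now), e.power("bob", now))
```

`scenario(False)` shows Alice's own power rising after the extension, while `scenario(True)` returns identical before and after pairs, which is the behaviour the report describes.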
Suggested Fix
Include operations that increase the delegated user's power when the delegating user calls increaseUnlockTime.
Lines of code
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L493-L523
Vulnerability details
[PNM-002] Missing voting power update from increaseUnlockTime