Closed ctindogaru closed 2 years ago
@ctindogaru In fact this is not a bug - you should be able to stake your tokens, delegate to yourself, so you can vote with the weight you carry based on your staked tokens. I believe the audit didn't understand this use case.
Closing this as self-delegation is a normal process and should not be forbidden.
Issue reported by Halborn during the audit.
Full description: The delegate() function in sputnik-staking/lib.rs does not check if sender_id == account_id; as a result, the function caller can delegate votes to itself.