Code4rena: CODE423N4:2022-10-PALADIN-FINDINGS-ISSUES-50
Oct 29, 2022 - 12:00 a.m.

Incorrect implementation of extendPledge()


Lines of code

Vulnerability details

Impact

The extendPledge() function is not implemented correctly: although the pledge duration is extended, nothing changes for the existing delegates who boost this pledge. A few things need to change: 1) the endTimestamp of delegates who entered 0 (to join the pledge until its end) needs to be adjusted; 2) additional rewards need to be paid to these existing delegates, since their commitments are now longer than before; 3) the other existing delegates should be informed and allowed to extend their endTimestamp as well, through WardenPledge and delegationBoost.

Proof of Concept

<https://github.com/code-423n4/2022-10-paladin/blob/d6d0c0e57ad80f15e9691086c9c7270d4ccfe0e6/contracts/WardenPledge.sol#L368>

Tools Used

Remix

Recommended Mitigation Steps

Reimplement extendPledge() so that it adjusts the endTimestamp of existing delegates who passed zero for endTimestamp, and use a pull-over-push method to distribute the additional reward. The delegationBoost contract also needs to be revised to accommodate such an extension of a pledge via boost or reboost. Existing delegates should also be allowed to participate in the extension if they so desire.
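
A sketch of the pull-over-push shape this mitigation describes, added here as an illustration; it is not code from the finding or from the Paladin repository. The contract, its structs, the `IBoostLike.boostEnd` view and the `claimExtension` function are hypothetical, and pledge creation and the initial delegate entry are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical view into the boost contract; not the real delegationBoost API.
interface IBoostLike {
    function boostEnd(address from, address to) external view returns (uint256);
}

// Simplified model, not WardenPledge: one reward token, creator-only extension.
contract PledgeExtensionSketch {
    using SafeERC20 for IERC20;
    uint256 constant UNIT = 1e18;

    struct Pledge { address creator; address receiver; uint256 rewardPerVote; uint256 endTimestamp; }
    struct Position { uint256 amount; uint256 paidUntil; bool untilEnd; }

    IERC20 public immutable rewardToken;
    IBoostLike public immutable boost;
    mapping(uint256 => Pledge) public pledges;
    mapping(uint256 => mapping(address => Position)) public positions; // set when a delegate pledges (omitted)

    constructor(IERC20 token, IBoostLike boost_) { rewardToken = token; boost = boost_; }

    // Extension only moves the end and escrows the extra budget: no loop over delegates.
    function extendPledge(uint256 id, uint256 newEnd, uint256 extraBudget) external {
        Pledge storage p = pledges[id];
        require(msg.sender == p.creator, "not creator");
        require(newEnd > p.endTimestamp, "not an extension");
        p.endTimestamp = newEnd;
        rewardToken.safeTransferFrom(msg.sender, address(this), extraBudget);
    }

    // Pull: a delegate who entered with endTimestamp == 0 claims the added period.
    function claimExtension(uint256 id) external returns (uint256 owed) {
        Pledge storage p = pledges[id];
        Position storage pos = positions[id][msg.sender];
        require(pos.untilEnd, "fixed end chosen");
        // Pay only for time the boost really covers, capped at the pledge end.
        uint256 covered = boost.boostEnd(msg.sender, p.receiver);
        uint256 until = covered < p.endTimestamp ? covered : p.endTimestamp;
        require(until > pos.paidUntil, "nothing to claim");
        owed = (pos.amount * p.rewardPerVote * (until - pos.paidUntil)) / UNIT;
        pos.paidUntil = until; // effects before the external transfer
        rewardToken.safeTransfer(msg.sender, owed);
    }
}
```

Capping the payout at the boost's real end keeps a delegate from collecting extension rewards for time the boost does not cover, and updating `paidUntil` before the transfer prevents a repeat claim for the same period.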
