Any member can front-run another member’s delegateKey assignment.
If you try to submit an address as your delegateKey, someone else can try to assign your delegate address to themselves.
While the incentive for this action is unclear, it’s possible to block some address from being a delegate forever.
Make it possible for a delegateKey to approve delegateKey assignment or cancel the current delegation. Commit-reveal methods can also be used to mitigate this attack.
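The race and the commit-reveal mitigation described above, as an added Python model (not code from The LAO contracts or the audit report). The names `alice`, `mallory`, `0xD1` and the salt are constructed, SHA-256 stands in for the contract's hash, and the one-block delay between commit and reveal is an assumption of this sketch.

```python
import hashlib

def commitment(sender, delegate_key, salt):
    # Hash binds the key to the sender, so a copied commitment is useless to others.
    return hashlib.sha256(f"{sender}|{delegate_key}|".encode() + salt).digest()

class DelegateRegistry:
    def __init__(self, members):
        self.delegate_of = {m: m for m in members}  # member -> delegateKey
        self.owner_of = {m: m for m in members}     # delegateKey -> member
        self.commits = {}                           # member -> (digest, block)
    def _assign(self, sender, key):
        if self.owner_of.get(key, sender) != sender:
            raise ValueError("delegateKey already in use")
        del self.owner_of[self.delegate_of[sender]]
        self.delegate_of[sender], self.owner_of[key] = key, sender
    def update_direct(self, sender, key):
        # Unprotected path: whichever transaction is ordered first takes the key.
        self._assign(sender, key)
    def commit(self, sender, digest, block):
        self.commits[sender] = (digest, block)
    def reveal(self, sender, key, salt, block):
        digest, committed_at = self.commits.get(sender, (None, None))
        if digest != commitment(sender, key, salt):
            raise ValueError("no matching commitment for sender")
        if block <= committed_at:
            raise ValueError("reveal must land in a later block than the commit")
        del self.commits[sender]
        self._assign(sender, key)

def attempt(call, *args, **kw):
    try:
        call(*args, **kw)
        return True
    except ValueError:
        return False

def direct_race():
    reg = DelegateRegistry(["alice", "mallory"])
    attempt(reg.update_direct, "mallory", "0xD1")  # copy of Alice's pending tx, ordered first
    return attempt(reg.update_direct, "alice", "0xD1"), reg.owner_of["0xD1"]

def commit_reveal_race(salt=b"constructed-salt"):
    reg = DelegateRegistry(["alice", "mallory"])
    reg.commit("alice", commitment("alice", "0xD1", salt), block=10)
    # Block 11: Mallory copies key and salt from Alice's pending reveal, ordered first.
    reg.commit("mallory", commitment("mallory", "0xD1", salt), block=11)
    blocked = not attempt(reg.reveal, "mallory", "0xD1", salt, block=11)
    return blocked, attempt(reg.reveal, "alice", "0xD1", salt, block=11), reg.owner_of["0xD1"]
```

`direct_race()` ends with the key held by the copier, while `commit_reveal_race()` ends with it held by the member who committed first. This only covers ordering races on pending transactions; the approve/cancel recommendation is what lets a delegateKey undo an assignment it never agreed to.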
- ConsenSys Audit The Lao Finding 5.8
- Timing & DoS
- Major Severity
- Front-running
- Delegate Address
- Approve/Cancel
- Commit-Reveal
- Youtube Reference
- Medium severity finding from Consensys Diligence Audit of The Lao