3/16/2022
A contract bug that could allow a third party to forcibly change the delegate of a delegator was recently brought to the core team’s attention. A fix for the bug has been deployed and there should be no cases where a third party (outside of the L2Migrator contract which has special privileges specifically when a delegator is migrating from L1 to L2) can forcibly change the delegate of a delegator.
From a delegator harm POV, in the worst case, this exploit could prevent a delegator from earning rewards and fees if the new delegate does not earn any rewards or fees - since the delegator doesn’t lose its existing stake and since the attacker doesn’t benefit from this type of attack this can be considered a griefing attack that prevents the delegator from accessing yield that it would otherwise have access to. From an adversary benefit POV, in the worst case, this exploit could allow an adversary to boost its own rewards if it forces victim delegators to delegate to its own orchestrator with a reward cut set to 100% - the adversary’s orchestrator would see larger rewards per round thanks to the stake delegated by victim delegators and would keep all of the rewards since its reward cut is set to 100%. While fixing this bug, the core team also addressed another smaller issue where earnings would not be calculated correctly in the scenario where a third party changed the delegate of a delegator or staked additional LPT on behalf of the delegator.
The deployment of this bug fix is a part of the governance failsafes procedure described in [1]. The bug created the opportunity for an attacker to prevent a delegator from accessing yield and in certain circumstances even extract additional rewards/fees. With this in mind, the core team moved forward with a fix swiftly to resolve this issue for the community as soon as possible.