Malicious code in active-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-6447 Malicious code in active-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

The increaseTotalValidatorActiveCount in PermissionedPool incorrectly adds requiredValidators instead of validatorToDeposit

Lines of code Vulnerability details Impact When the Stader Stake Pools Manager calls stakeUserETHToBeacon chain, it does so calculating the requiredValidators that can be added to the pool. The function internally also uses the allocateValidatorsAndUpdaterOperatorId to compute each operator's...