3 matches found
The increaseTotalValidatorActiveCount in PermissionedPool incorrectly adds requiredValidators instead of validatorToDeposit
Lines of code Vulnerability details Impact When the Stader Stake Pools Manager calls stakeUserETHToBeacon chain, it does so calculating the requiredValidators that can be added to the pool. The function internally also uses the allocateValidatorsAndUpdaterOperatorId to compute each operator's...
NodeOperator will steal other NodeOperators' validators through frontrunning
Lines of code Vulnerability details Impact People that want to earn staking rewards, but do not have the resources to run validators, will see Stader as an avenue where they can easily steal and use others validators and they will actually earn Operator rewards from Stader. This could lead to two...
BEACON CHAIN VALIDATOR COULD SELF RESCUE WHEN OPERATOR IS FROZEN
Lines of code Vulnerability details Impact The modifier onlyNotFrozen is intuitive such that the staker will be frozen when the delegated operator is frozen. However, not utilizing it in recordOvercommittedBeaconChainETH and undelegate could allow the Beacon Chain validator to undelegate from the...