Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/02/15 12:0 a.m.12 views

Slashed amount may not be cover the staker reward payout

Lines of code Vulnerability details Impact Slashed amount may not be cover the staker reward payout Proof of Concept In the current fix, If the staked balance cannot cover the slashed amount, seize the staked balance. Staking staking = StakinggetContractAddress"Staking"; if staking.getGGPStakeown...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/14 12:0 a.m.10 views

Mitigation Confirmed for Mitigation of H-06 Issue mitigated

C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/13 12:0 a.m.12 views

Deficiency of slashed GGP amount should be made up from node operator's AVAX

Lines of code Vulnerability details Impact If staked GGP doesn't cover slash amount, slashing it all will not be fair to the liquid stakers. Slashing is rare, and that the current 14 day validation cycle which is typically 1/26 of the minimum amount of GGP staked is unlikely to bump into this...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.8 views

Upgraded Q -> 3 from #508 [1675443043181]

Judge has assessed an item in Issue 508 as 3 risk. The relevant finding follows: L-05 Duration does not have upper bound The duration input parameter does not have upper bound. If the duration is mistakenly set too high, node operator will be slashed significant amount of GGP. The...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.15 views

MinipoolManager: node operator can avoid being slashed

Lines of code Vulnerability details Impact When staking is done, a Rialto multisig calls MinipoolManager.recordStakingEnd . If the avaxTotalRewardAmt has the value zero, the MinipoolManager will slash the node operator's GGP. The issue is that the amount to slash can be greater than the GGP balan...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/02 12:0 a.m.10 views

Upgraded Q -> H from #694 [1675343512989]

Judge has assessed an item in Issue 694 as H risk. The relevant finding follows: there is no check that duration of the Minipool is less than 365 days and if user by mistake set very high value for duration and fails to run node properly user would lose very large number of his GGP collaterals...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.7 views

GGP slashing mechanism is incomplete.

Lines of code Vulnerability details Impact The protocol docs mentions that "If the validator is failing at their duties, their GGP will be slashed and used to compensate the loss to our Liquid Stakers." But the actual implementation of the Staking.slashGGP function is very different from the abov...

7AI score
Exploits0
Rows per page
Query Builder