11 matches found
recreateMinipool may not be called
Lines of code Vulnerability details Impact recreateMinipool may not be called Proof of Concept To resolve M-09, the fix is that: function recordStakingEndThenMaybeCycle address nodeID, uint256 endTime, uint256 avaxTotalRewardAmt external payable whenNotPaused int256 minipoolIndex =...
Upgraded Q -> 2 from #214 [1675930440482]
Judge has assessed an item in Issue 214 as 2 risk. The relevant finding follows: cenario 2 - Use node of node operator In this scenario the NodeOp registers for a duration longer then 14 days. The hacker will hijack the minipool after 14 days and earn rewards on behalf of the node operators node...
Upgraded Q -> 2 from #653 [1675442664703]
Judge has assessed an item in Issue 653 as 2 risk. The relevant finding follows: 1. Funds are locked if Rialto use function finishFailedMinipoolByMultisig Detail Function finishFailedMinipoolByMultisig did not transfer any funds or doing any data change, only updating state of minipool to Finishe...
Upgraded Q -> 2 from #338 [1675444014859]
Judge has assessed an item in Issue 338 as 2 risk. The relevant finding follows: L-07 It should be possible to assign Minipool to a new Multisig MinipoolManager.sol 1 --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #260 [1675460942583]
Judge has assessed an item in Issue 260 as 2 risk. The relevant finding follows: L2 Withdrawable minipool can be finished before funds are withdrawn --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> H from #694 [1675343512989]
Judge has assessed an item in Issue 694 as H risk. The relevant finding follows: there is no check that duration of the Minipool is less than 365 days and if user by mistake set very high value for duration and fails to run node properly user would lose very large number of his GGP collaterals...
The owner minipool count is not decreased in the case of a staking error
Lines of code Vulnerability details Impact When a node operator creates a new pool or the recreateMinipool function is called the minipool count of the owner is increased by 1 and when the staking ends the multisig calls the recordStakingEnd function which will decrease the owner minipool count b...
Possible to block withdrawal of staked funds after recordStakingEnd or stakingError
Lines of code Vulnerability details Impact Node operators can lose their staked AVAX after stakingEnd or stakingError. Funds will be locked in the Staking contract, but impossible to withdraw. A bad actor does need to supply 1000 AVAX which he gets back and has not have real incentive to do it, b...
Funds of Node Operators can be nullified by any attacker
Lines of code Vulnerability details Impact The MinipoolManager.createMinipool function do not validate the caller's address due to which any address can invoke the createMinipool function with any nodeID existing or new as input. For any existing nodeID the function can be invoked as long as the...
Malicious user can use previously used nodeID to prevent user(s) from withdrawing minipool funds
Lines of code Vulnerability details In createMinipool, an event is emitted with details of a newly created minipool. This includes relevant information that a subsequent user can utilise to create another minipool.The only condition that prevents a minipool from being created again with the same...
MinipoolManager.sol : createMinipool does not check the owner of node when overwriting
Lines of code Vulnerability details Impact owner will be deprived from picking the node id which they already used. when natspec says // If nodeID exists, only allow overwriting if node is finished or canceled The pool that are marked as Withdrawable and Error are also used to overwrite the node ...