7 matches found
Mitigation Confirmed for Mitigation of H-06 Issue mitigated
C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...
Minipool whose multisig has been disabled cannot be reassigned a valid one
Lines of code Vulnerability details Impact The likelihood of startRewardsCycle reverting due to division by zero is practically not going to happen. This is because disableAllMultisigs is only reasonably invoked when pauseEverything is called by the defender. At his point, startRewardsCycle will...
Upgraded Q -> 2 from #510 [1675932817801]
Judge has assessed an item in Issue 510 as 2 risk. The relevant finding follows: If the current state is Withdrawable, you can still call createMinipool This will result in: 1:recreateMinipool can be front-run by executing recordStakingEnd to get back the stake first, and then executing...
MinipoolManager: node operator can avoid being slashed
Lines of code Vulnerability details Impact When staking is done, a Rialto multisig calls MinipoolManager.recordStakingEnd . If the avaxTotalRewardAmt has the value zero, the MinipoolManager will slash the node operator's GGP. The issue is that the amount to slash can be greater than the GGP balan...
Upgraded Q -> 3 from #867 [1675460716325]
Judge has assessed an item in Issue 867 as 3 risk. The relevant finding follows: L-02, MinipoolManager, lines 670 - 684: The slash function slashes a node operator for the amount of whole duration. Since the cycles are in 14 days and the slashing is checked in the recordStakingEnd, if an operator...
Funds of Node Operators can be nullified by any attacker
Lines of code Vulnerability details Impact The MinipoolManager.createMinipool function do not validate the caller's address due to which any address can invoke the createMinipool function with any nodeID existing or new as input. For any existing nodeID the function can be invoked as long as the...
Owner may lose funds if Minipool is recreated before funds are withdrawn
Lines of code Vulnerability details The createMinipool function of the MinipoolManager contract can be used to reinitialize an existing minipool and potentially lose user funds. If the given nodeID has an existing minipool index, then the state for the minipool is reset: if minipoolIndex != -1...