4 matches found
RewardsStartTime should be reset when decreaseAVAXAssigned is called
Lines of code Vulnerability details Impact Proof of Concept The fix for M-19 is to get rid of the miniCount code-423n4/2022-12-gogopool-findings235 in calculateAndDistributeRewards function, however, the logic below is added: // check if their rewards time should be reset if...
Mitigation Confirmed for Mitigation of H-06 Issue mitigated
C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...
Upgraded Q -> 2 from #510 [1675932817801]
Judge has assessed an item in Issue 510 as 2 risk. The relevant finding follows: If the current state is Withdrawable, you can still call createMinipool This will result in: 1:recreateMinipool can be front-run by executing recordStakingEnd to get back the stake first, and then executing...
Upgraded Q -> 3 from #867 [1675460716325]
Judge has assessed an item in Issue 867 as 3 risk. The relevant finding follows: L-02, MinipoolManager, lines 670 - 684: The slash function slashes a node operator for the amount of whole duration. Since the cycles are in 14 days and the slashing is checked in the recordStakingEnd, if an operator...