Lucene search
K

26 matches found

Code423n4
Code423n4
added 2023/01/03 12:0 a.m.13 views

NODE OPERATORS CAN WITHDRAW ALL THEIR GGP COLLATERAL BEFORE VALIDATION PERIOD ENDS THEREBY AVOIDING SLASHING.

Lines of code Vulnerability details Impact 1. Node operators can avoid slashing, thus no penalties. 2. Node operators can withdraw their entire GGP collateral before the validation period is over. Proof of Concept The withdrawGGP function in Staking.sol transfers back to node operator excess GGP...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.7 views

GGP slashing mechanism is incomplete.

Lines of code Vulnerability details Impact The protocol docs mentions that "If the validator is failing at their duties, their GGP will be slashed and used to compensate the loss to our Liquid Stakers." But the actual implementation of the Staking.slashGGP function is very different from the abov...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.11 views

Slashing can prevent Protected Staking Pool depositors from redeeming their ETH

Lines of code Vulnerability details The documentation states that: The Protected Staking Pool is free from any slashing and leaking risk. While the penalties affect the node operator first, then the Fees and MEV Pool stakers, if the slashing amount is higher, it will also impact the Protected...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.285 views

dETH are branded as slash proof, but ETH2 slashing could make 32 deposit drop much below 24 (down to 0), making dETH undercollateralized

Lines of code Vulnerability details Description dETH is advertised as fault proof , slash proof ETH However, ETH2 staked deposit can be slashed from 32 down to 0, not just to 24 as would be expected24 dETH printed. This means dETH is undercollateralized, and indeeds bears the risk of being "paper...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.6 views

Primary operator can unbond to avoid slashing and DOS job execution

Lines of code Vulnerability details If a primary operator fails to call HolographOperator.executeJob on time, a secondary operator can make the call, which will result in slashing the primary operator, as described in the documentation. The primary operator that failed to do the job, is slashed t...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2022/05/24 12:0 a.m.5 views

Lodestar 输入验证错误漏洞

Lodestar is a TypeScript implementation of Ethernet consensus. Versions of Lodestar prior to 0.36.0 suffer from an input validation error vulnerability that stems from the inclusion of maliciously crafted AttesterSlashing or ProposerSlashing on the chain, which may have a consensus split...

7.5CVSS7.3AI score0.01228EPSS
Exploits0References4
Rows per page
Query Builder