26 matches found
NODE OPERATORS CAN WITHDRAW ALL THEIR GGP COLLATERAL BEFORE VALIDATION PERIOD ENDS THEREBY AVOIDING SLASHING.
Lines of code Vulnerability details Impact 1. Node operators can avoid slashing, thus no penalties. 2. Node operators can withdraw their entire GGP collateral before the validation period is over. Proof of Concept The withdrawGGP function in Staking.sol transfers back to node operator excess GGP...
GGP slashing mechanism is incomplete.
Lines of code Vulnerability details Impact The protocol docs mention that "If the validator is failing at their duties, their GGP will be slashed and used to compensate the loss to our Liquid Stakers." But the actual implementation of the Staking.slashGGP function is very different from the abov...
Slashing can prevent Protected Staking Pool depositors from redeeming their ETH
Lines of code Vulnerability details The documentation states that: The Protected Staking Pool is free from any slashing and leaking risk. While the penalties affect the node operator first, then the Fees and MEV Pool stakers, if the slashing amount is higher, it will also impact the Protected...
dETH are branded as slash proof, but ETH2 slashing could make 32 deposit drop much below 24 (down to 0), making dETH undercollateralized
Lines of code Vulnerability details Description dETH is advertised as fault proof, slash proof ETH. However, ETH2 staked deposit can be slashed from 32 down to 0, not just to 24 as would be expected24 dETH printed. This means dETH is undercollateralized, and indeed bears the risk of being "paper...
Primary operator can unbond to avoid slashing and DOS job execution
Lines of code Vulnerability details If a primary operator fails to call HolographOperator.executeJob on time, a secondary operator can make the call, which will result in slashing the primary operator, as described in the documentation. The primary operator that failed to do the job, is slashed t...
Lodestar input validation error vulnerability
Lodestar is a TypeScript implementation of Ethereum consensus. Versions of Lodestar prior to 0.36.0 suffer from an input validation error vulnerability that stems from the inclusion of maliciously crafted AttesterSlashing or ProposerSlashing on the chain, which may have a consensus split...