4 matches found
The increaseTotalValidatorActiveCount in PermissionedPool incorrectly adds requiredValidators instead of validatorToDeposit
Lines of code Vulnerability details Impact When the Stader Stake Pools Manager calls stakeUserETHToBeacon chain, it does so calculating the requiredValidators that can be added to the pool. The function internally also uses the allocateValidatorsAndUpdaterOperatorId to compute each operator's...
A trusted node has the ability to submit the ExchangeRate multiple times for a single reportingBlockNumber.
Lines of code Vulnerability details Impact In this code, a trusted node can submit data several times. The trusted node can submit ExchangeRateData and then it can submit different data again about same reportingBlockNumber. This will occur mess of staderOracle contract, so it will be needed to b...
User with large stacked ETH can deny other stacker from withdrawing.
Lines of code Vulnerability details Description The withdraw flow of Stader splitted in two steps, first the user has to requestWithdraw by passing his owned ETHx amount which add a new record to userWithdrawRequestsnextRequestId, second, finalizeUserWithdrawalRequest got called by any user to...
Attacker can frontrun user bid with wrong lotId and create the lot with that lotId, forcing the user to take a big loss
Lines of code Vulnerability details Impact User takes a huge loss by getting 1 SD token, but bidding an amount possibly much bigger. Attackers are incetivized to perform this if they are ETHx holders and want to increase the value of their tokens. Proof of Concept When a user adds a bid to the...