-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A DSS cannot stop staking of a vault that doesn't meet its conditions #70
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-21
grade-b
Q-06
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_20_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
Comments
howlbot-integration
bot
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
🤖_20_group
AI based duplicate group recommendation
bug
Something isn't working
duplicate-54
sufficient quality report
This report is of sufficient quality
labels
Aug 1, 2024
MiloTruck marked the issue as unsatisfactory: |
c4-judge
added
the
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
label
Aug 11, 2024
MiloTruck removed the grade |
c4-judge
removed
the
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
label
Aug 11, 2024
MiloTruck marked the issue as not a duplicate |
MiloTruck marked the issue as duplicate of #21 |
c4-judge
added
duplicate-21
downgraded by judge
Judge downgraded the risk level of this issue
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
and removed
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
labels
Aug 11, 2024
MiloTruck changed the severity to QA (Quality Assurance) |
MiloTruck marked the issue as grade-b |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-21
grade-b
Q-06
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_20_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-07-karak/blob/main/src/entities/Operator.sol#L128
Vulnerability details
Impact
In
Operator::validateAndUpdateVaultStakeInDSS()
ignoreFailure
is set to true which means the DSS cannot cancel a started update even if the vault doesn't meet its conditions anymore.Proof of Concept
Let's look at the following example:
Core::requestUpdateVaultStakeInDSS()
to stake that vault. The DSS accepts it (doesn't revert).totalAssets()
of the vault are <= 100 000e18 which no longer meets the second DSS requirement.Core::finalizeUpdateVaultStakeInDSS()
and even if the DSS reverts, it will not affect the transcation and the state will be updated, so now that vault is staked in both DSSs without the consent of the second one.Notice that
Core::requestUpdateVaultStakeInDSS
has anignoreFailure: !requestStakeUpdate.toStake
which is correct, however when finalizing, the ignoreFailure is set totrue
instead of!toStake
. This prevents the DSS from canceling the update if the vault changes somehow in the meantime.Tools Used
Manual Review
Recommended Mitigation Steps
In
Operator::validateAndUpdateVaultStakeInDSS()
setignoreFailure
to!queuedStakeUpdate.updateRequest.toStake
Assessed type
Invalid Validation
The text was updated successfully, but these errors were encountered: