Narwallets / meta-pool

NEAR protocol Meta Staking Pool, tokenized stake, liquid unstake, stNEAR, $META

Handling a Malicious Operator Adding / Overweighting Malicious Staking Pools #13

Closed: fyquah closed 2 years ago

fyquah commented 3 years ago

How does meta-pool prevent a malicious operator / owner from stealing coins via a malicious staking pool? An attack vector I'm thinking of:

  1. A malicious actor gets voted in as an operator
  2. The owner creates a malicious contract that implements the staking pool NEP. The malicious bit is that deposit simply increases their balance in the staking pool, regardless of the sender, and withdraw only ever withdraws to the attacker's address
  3. The owner adds the staking pool to the list of staking pools in metapool, and overweights it in the following line:

https://github.com/Narwallets/meta-pool/blob/607556c38d19947f3f7113617e2a5b30f0b1cfd3/metapool/src/owner.rs#L71

  4. When people run ping or stake, then coins are "stolen" into the malicious staking pool that implements the NEP, but is otherwise malicious

I feel like I'm missing something - or are such attacks simply possible?

luciotato commented 2 years ago

Solution: add a check that all the staking-pools account_ids are in the form .poolv1.near, and that will solve the issue, because all staking-pools created as .poolv1.near can only be deployed by the whitelisted stake-pool factory
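
One way to write the suffix check suggested in the comment above, as an added example that is not part of the thread or of the meta-pool code base. `check_staking_pool_id` and `PoolIdError` are hypothetical names, the sample ids are constructed, and requiring exactly one label before `.poolv1.near` is a stricter assumption made by this example.

```rust
/// Suffix named in the thread: pools under it are deployed by the whitelisted factory.
const FACTORY_SUFFIX: &str = ".poolv1.near";

#[derive(Debug, PartialEq)]
pub enum PoolIdError {
    WrongSuffix,
    NotDirectSubAccount,
    InvalidLabel,
}

/// Hypothetical helper: accept only ids of the form `<label>.poolv1.near`.
pub fn check_staking_pool_id(account_id: &str) -> Result<(), PoolIdError> {
    // The leading dot is part of the suffix, so "evilpoolv1.near" does not match,
    // and the suffix must be at the very end, so "x.poolv1.near.evil.near" fails too.
    let label = account_id
        .strip_suffix(FACTORY_SUFFIX)
        .ok_or(PoolIdError::WrongSuffix)?;
    // Assumption of this example (stricter than the thread): exactly one label.
    if label.contains('.') {
        return Err(PoolIdError::NotDirectSubAccount);
    }
    // Simplified character check: non-empty, lowercase alphanumerics, '-' or '_'.
    let valid = !label.is_empty()
        && label
            .chars()
            .all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '-' || c == '_');
    if !valid {
        return Err(PoolIdError::InvalidLabel);
    }
    Ok(())
}

// Constructed sample ids, not taken from the thread.
const SAMPLES: [&str; 5] = [
    "alpha.poolv1.near",
    "evilpoolv1.near",
    "alpha.poolv1.near.evil.near",
    "a.b.poolv1.near",
    ".poolv1.near",
];

fn main() {
    for id in SAMPLES.iter() {
        println!("{:<30} {:?}", id, check_staking_pool_id(id));
    }
}
```

A check like this belongs at the point where a pool is added to the list, before any weight is assigned to it.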

luciotato commented 2 years ago

Thanks @fyquah for the report!