search

OriginProtocol / origin-dollar

OUSD and OETH are stablecoins that passively accrue yield while you are holding it
https://originprotocol.com
MIT License
112 stars 73 forks source link

OZ - Native Staking - M-01 All Addresses Are Registered Validators by Default #2081

Closed naddison36 closed 1 month ago

naddison36 commented 1 month ago

Contract Changes

Issue

In Solidity, an enum variable is automatically set to its first enumerated value if it is initialized without specifying a particular value. In ValidatorRegistrator.sol , REGISTERED is the default value of the VALIDATOR_STATE enum, meaning that it is possible to stake with any address even if registerSsvValidator were not called. Since the address would not be registered as a validator in the SSV Network, it would not perform validations correctly which could result in funds being lost due to slashing.

github-actions[bot] commented 1 month ago
Warnings
:warning: :eyes: This PR needs at least 2 reviewers

Generated by :no_entry_sign: dangerJS against ff0fae33ebc40819c1ee122a036c17ed814ea979

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 63.00%. Comparing base (8748170) to head (ff0fae3). Report is 1 commits behind head on sparrowDom/nativeStaking.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## sparrowDom/nativeStaking #2081 +/- ## ============================================================ + Coverage 62.99% 63.00% +0.01% ============================================================ Files 65 65 Lines 3243 3244 +1 Branches 839 840 +1 ============================================================ + Hits 2043 2044 +1 Misses 1197 1197 Partials 3 3 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

naddison36 commented 1 month ago

LGTM

There are some unit tests that were confirming that stake threshold amounts work correctly. I think those are missing the assertions confirming VALIDATOR_STATE for the pubkey has the correct value. We could also add those in

I've added assertions confirming validatorsStates for the pubkey has the correct value in the unit and fork tests

openzeppelin-code[bot] commented 1 month ago

OZ - Native Staking - M-01 All Addresses Are Registered Validators by Default

Generated at commit: ff0fae33ebc40819c1ee122a036c17ed814ea979

🚨 Report Summary

Severity Level Results
Contracts Critical
High
Medium
Low
Note
Total		 3
3
0
18
42
66
Dependencies Critical
High
Medium
Low
Note
Total		 0
0
0
0
0
0

For more details view the full report in OpenZeppelin Code Inspector