code-423n4 / 2021-10-covalent-findings


No sanity check in `addValidator`. #61

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

jonah1005

Vulnerability details

Impact

No sanity check in addValidator. The commission rate can be set > 1e18. The same validator can be added multiple times.

Proof of Concept

https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#L345-L351

Tools Used

None

Recommended Mitigation Steps

Recommend adding some check as in setValidatorCommissionRate.

kitti-katy commented 3 years ago
  1. The same validator can be added multiple times. - this is the required behaviour (in case we disable a validator and then decide to enable it again by adding a new instance)
  2. duplicate of #20
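
An added sketch, not part of the thread and not the project's `DelegatedStaking.sol` code, of the outcome discussed above: one commission-rate bound shared by `addValidator` and `setValidatorCommissionRate`, with re-adding the same operator still allowed. The contract name, `RATE_SCALE`, `_checkRate`, the struct layout and the function signatures are all assumptions; only the two function names and the 1e18 limit come from the issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch: names, types and storage layout are assumptions
// made for illustration, not taken from DelegatedStaking.sol.
contract ValidatorRegistrySketch {
    // Assumed fixed-point scale: 1e18 represents a 100% commission.
    uint128 public constant RATE_SCALE = 1e18;

    struct Validator {
        address operator;
        uint128 commissionRate;
    }

    address public immutable owner;
    Validator[] public validators;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // One bound check used by both entry points, so the add path cannot
    // accept a rate that the update path would reject.
    function _checkRate(uint128 rate) private pure {
        require(rate <= RATE_SCALE, "rate exceeds 100%");
    }

    // Re-adding an operator is allowed and creates a new instance with a
    // new id, as the maintainer's reply requires; only the rate is checked.
    function addValidator(address operator, uint128 commissionRate)
        external onlyOwner returns (uint256 validatorId)
    {
        _checkRate(commissionRate);
        validators.push(Validator(operator, commissionRate));
        validatorId = validators.length - 1;
    }

    function setValidatorCommissionRate(uint256 validatorId, uint128 rate)
        external onlyOwner
    {
        _checkRate(rate);
        validators[validatorId].commissionRate = rate;
    }
}
```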