Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L276
_newValset parameter in updateValset can have validators that don't have enough power combined for passing the threshold.
check that the validators power combined is bigger than the threshold
Duplicate of #123
V-Staykov
commented
2 years ago V-Staykov
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-05-cudos/blob/main/solidity/contracts/Gravity.sol#L276
Vulnerability details
_newValset parameter in updateValset can have validators that don't have enough power combined for passing the threshold.
Recomendation mitigation steps
check that the validators power combined is bigger than the threshold