search

code-423n4 / 2022-09-frax-findings

2 stars 1 forks source link

removeValidator without dont_care_about_ordering may always revert if there are too many validators. #318

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/OperatorRegistry.sol#L114-L118

Vulnerability details

Impact

removeValidator without dont_care_about_ordering may always revert if there are too many validators. Due to gas limit.

Proof of Concept

            // Fill the new validators array with all except the value to remove
            for (uint256 i = 0; i < original_validators.length; ++i) {
                if (i != remove_idx) {
                    validators.push(original_validators[i]);
                }
            }

These lines in the OperatorRegistry contract will be reverted with the gas limit if the original_validators count is too high

Recommended Mitigation Steps

Limit the number of validators

FortisFortuna commented 2 years ago

We plan to keep an eye on the number free validators and have a decent sized buffer of them.

joestakey commented 2 years ago

Duplicate of #12