Closed c4-judge closed 1 year ago
Judge has assessed an item in Issue #508 as 3 risk. The relevant finding follows:
[L-05] Duration does not have upper bound The duration input parameter does not have upper bound. If the duration is mistakenly set too high, node operator will be slashed significant amount of GGP. https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L198
The expectedAVAXRewardsAmt will be propotional to the duration, leads to high amount of slashGGPAmt.
Recommended Mitigation Steps:
Add the check upper bound for duration.
GalloDaSballo marked the issue as duplicate of #493
GalloDaSballo marked the issue as partial-50
Ultimately shows that the slashing will happen based on duration, but is not as good, so 50%
Judge has assessed an item in Issue #508 as 3 risk. The relevant finding follows:
[L-05] Duration does not have upper bound The duration input parameter does not have upper bound. If the duration is mistakenly set too high, node operator will be slashed significant amount of GGP. https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L198
The expectedAVAXRewardsAmt will be propotional to the duration, leads to high amount of slashGGPAmt.
Recommended Mitigation Steps:
Add the check upper bound for duration.