c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #213
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #213
c4-judge
commented
1 year ago GalloDaSballo marked the issue as partial-50
GalloDaSballo
commented
1 year ago
Judge has assessed an item in Issue #510 as 3 risk. The relevant finding follows:
In red are the state transitions that can only be performed with special privileges
recreateMinipool(): The following transitions will be performed Withdrawable->PreLaunch Error->PreLaunch
createMinipool(): will perform the following transition: Finished->PreLaunch Canceled->PreLaunch
There is a problem with both methods here. The methods only verify that the state can be converted, not that the current state is legal For example:
If the current state is Finished, you can still call recreateMinipool() If the current state is Withdrawable, you can still call createMinipool() This will result in: 1:recreateMinipool() can be front-run by executing recordStakingEnd() to get back the stake first, and then executing recreateMinipool() will get more stake 2:the new stake will overwrite the old stake, the old stake has not been retrieved, resulting in the loss of