code-423n4 / 2023-06-stader-findings


MISSING ACCESS CONTROL AND MISSING LOGICAL CHECKS IN PENALTY.sol #286

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Penalty.sol#L144-L148

Vulnerability details

Impact

In the Penalty.sol contract, anyone can call the markValidatorSettled(...) function to clear the penalty of an erring validator.

Proof of Concept

Anyone can clear the penalty of an erring validator by calling markValidatorSettled(...), as the function does not implement a logic check that the validator has actually settled its debt.

Ideally the markValidatorSettled(...) function should check that the validator has settled its penalty before clearing, however due to

Validators with an outstanding penalty, and also validators who have exceeded their penalty threshold and should have been kicked out but remain in the system, can avoid getting kicked out by calling markValidatorSettled(...) to clear their penalty.

Tools Used

VS Code

Recommended Mitigation Steps

Perform checks for

Assessed type

Access Control

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #173

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid