Open code423n4 opened 1 year ago
Picodes changed the severity to 2 (Med Risk)
Thank you for pointing it out. We will move this logic to the oracle.
manoj9april marked the issue as sponsor confirmed
Keeping Med severity considering this could be an instance of "function of the protocol or its availability could be impacted"
Picodes marked the issue as satisfactory
This is fixed
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L183
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L254
Vulnerability details
Impact
The OPERATOR role holds a lot of power within the system, which can compromise both the system integrity and its permissionless nature.
Proof of Concept
The OPERATOR key is responsible for marking each validator-submitted key as either valid or invalid, without any assurance to validators.
Which is not strictly true, since any participant in the system must be vetted by the OPERATOR, which can arbitrarily mark a key as invalid or frontrun without the need to provide justification or having an appeal system. Alternatively, the OPERATOR can simply ignore the added key and never mark it as ready to deposit. Therefore, the pool can't be considered permissionless, since participants must rely on the benevolence of the OPERATOR to participate.
Tools Used
Manual Review
Recommended Mitigation Steps
There is no simple fix for the issue, but at minimum, the protocol shouldn't be advertised as permissionless.
Assessed type
Rug-Pull