c4-judge
commented
1 year ago Picodes changed the severity to 2 (Med Risk)
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes changed the severity to 2 (Med Risk)
manoj9april
commented
1 year ago Thank you pointing it out. We will move this logic to oracle.
c4-sponsor
commented
1 year ago manoj9april marked the issue as sponsor confirmed
Picodes
commented
1 year ago Keeping Med severity considering this could be an instance of "function of the protocol or its availability could be impacted"
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
sanjay-staderlabs
commented
1 year ago This is fixed
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionlessNodeRegistry.sol#L183 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L254
Vulnerability details
Impact
The OPERATOR role holds a lot of power within the system, which can compromise the both the system integrity and it's permission-less nature.
Proof of Concept
The OPERATOR key is responsible for confirming marking each validator submitted key as either valid or invalid, without any assurance to validators.
Which is not strictly true, since any participant in the system must be vetted by the OPERATOR, which can arbitrarily mark as invalid or frontrun key without the need to provide justification or having an appeal system. Alternatively, the OPERATOR can simple ignore the added key and never mark it as
ready to deposit.Therefore, the pool can't be considered permissionless, since participants must rely on the benevolence of the OPERATOR to participate.
Tools Used
Manual Review
Recommended Mitigation Steps
There is no simple fix for the issue, but at minimum, the protocol shouldn't be advertised as permissioneless.
Assessed type
Rug-Pull