Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SocializingPool.sol#L170
Vulnerability details
Impact
SocializingPool.verifyProof currently incorporates a zero index check which blocks the entry of an index value of 0. While this check is designed to prevent the use of invalid index values, it inadvertently prohibits the valid index value of 0. This may lead to undesired outcomes and it's vital to rectify this problem to guarantee the contract operates correctly.
Proof of Concept
verifyProof() tests whether _index equals 0 or exceeds lastReportedRewardsData.index. However, the _index == 0 validation is superfluous and needs to be removed. This exclusion of the index value 0 may cause difficulties when dealing with the contract, as the zero-indexed cycle is missed out.
SocializingPool.sol#L163-L176
It's also worth noting that the _index == 0 check is not in line with the fact that the current reward index can indeed be 0. This zero index is first incremented by 1:
SocializingPool.sol#L187-L189
and then reflected herewith:
SocializingPool.sol#L191-L203
and eventually shows up as _index == 1 on line 212:
SocializingPool.sol#L205-L227
Recommended Mitigation Steps
It is suggested to refactor the impacted code by removing _index == 0 from the if block in verifyProof().
Assessed type
Error