Closed code423n4 closed 1 year ago
Picodes marked the issue as duplicate of #44
What about https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/StaderOracle.sol#L626 which prevents duplicate submissions?
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L107-L157 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L620-L631
Vulnerability details
Impact
In this code, a trusted node can submit data several times.
The trusted node can submit ExchangeRateData and then it can submit different data again about the same reportingBlockNumber. This will cause a mess in the staderOracle contract, so it will need to be checked.
Proof of Concept
For example, in the submitExchangeRateData function of staderOracle, if a trusted node submits the ExchangeRate multiple times, the ExchangeRate will be saved in Stader Oracle. However, it becomes challenging to determine which data is correct.
It's all because the oracle doesn't check the last submitted reportingBlockNumber by a certain trusted node. It is important for the Stader Oracle contract to check all cases.
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L107-L157
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L620-L631
Tools Used
Recommended Mitigation Steps
It's necessary to add additional code to check the reported Block number by one trust node.
Assessed type
Invalid Validation
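The per-node check asked for under Recommended Mitigation Steps, modelled as an added example (not Stader's contract code and not part of the original report). It replays constructed submissions under two hypothetical de-duplication keys, one that includes the submitted data and one that is only (node, reportingBlockNumber); all class, method and field names are assumptions.

```python
from collections import defaultdict


class DuplicateSubmission(Exception):
    """The submitting node's key is already recorded."""


class OracleModel:
    # Hypothetical model; class, method and field names are not from the contract.
    def __init__(self, trusted_nodes, key_includes_data):
        self.trusted = set(trusted_nodes)
        self.key_includes_data = key_includes_data
        self.seen_keys = set()               # per-node submission keys
        self.votes = defaultdict(int)        # (block, data) -> attesting nodes
        self.by_node = defaultdict(list)     # (node, block) -> data on record

    def submit(self, node, reporting_block, data):
        if node not in self.trusted:
            raise PermissionError(f"{node} is not a trusted node")
        # The two keyings differ only in whether the payload is part of the key.
        key = (node, reporting_block, data) if self.key_includes_data \
            else (node, reporting_block)
        if key in self.seen_keys:
            raise DuplicateSubmission(key)
        self.seen_keys.add(key)
        self.by_node[(node, reporting_block)].append(data)
        self.votes[(reporting_block, data)] += 1
        return self.votes[(reporting_block, data)]


# Constructed sample: (node, reportingBlockNumber, exchange-rate data)
SUBMISSIONS = [
    ("A", 100, (1000, 990)),
    ("A", 100, (1000, 990)),   # identical resubmission
    ("A", 100, (2000, 990)),   # different data, same block
    ("B", 100, (1000, 990)),
]


def replay(key_includes_data):
    """Return (rejected count, values node A has on record for block 100)."""
    oracle = OracleModel({"A", "B", "C"}, key_includes_data)
    rejected = 0
    for node, block, data in SUBMISSIONS:
        try:
            oracle.submit(node, block, data)
        except DuplicateSubmission:
            rejected += 1
    return rejected, oracle.by_node[("A", 100)]


if __name__ == "__main__":
    print("key includes data:", replay(True))
    print("key is (node, block):", replay(False))
```

When reviewing a duplicate-submission guard, check which fields go into the per-node key: the two keyings reject different sets of resubmissions.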