search

code-423n4 / 2023-06-stader-findings

1 stars 1 forks source link

No way out of the loop if operator not active #423

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PermissionedNodeRegistry.sol#L227

Vulnerability details

Impact

There is no way out of the loop if operator not active.

            do {
                if (!operatorStructById[i].active) {
                    continue;
                }
                uint256 remainingCapacity = validatorPerOperatorGreaterThanZero
                    ? remainingOperatorCapacity[i]
                    : getOperatorQueuedValidatorCount(i);
                uint256 newSelectedCapacity = Math.min(remainingCapacity, remainingValidatorsToDeposit);
                selectedOperatorCapacity[i] += newSelectedCapacity;
                remainingValidatorsToDeposit -= newSelectedCapacity;
                i = (i % totalOperators) + 1;
                if (remainingValidatorsToDeposit == 0) {
                    operatorIdForExcessDeposit = i;
                    break;
                }
            } while (i != operatorIdForExcessDeposit);

Proof of Concept

The check

if (!operatorStructById[i].active) {
    continue;
}

is the first thing in the while loop.

Assessed type

Error

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #155

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Out of scope