Open c4-bot-6 opened 5 months ago
GalloDaSballo marked the issue as satisfactory
GalloDaSballo marked the issue as confirmed for report
Agree with the considerations
I highly recommend invariant testing on never reverting on that line, perhaps by having a custom error and having an invariant test that ensures the function never reverts with that specific error
Lines of code
Vulnerability details
Original Issue
H-01: userTotalStaked invariant will be broken due to vulnerable implementations in release()
Comments
The original issue is that the state variable userTotalStaked is not updated in the release() flow, causing state accounting conflicts. The impact was that a user might not be able to fully withdraw their entitled staked amount, or a user might not be able to be slashed again if they have been released slash amount before.
Mitigation
PR#8
The userTotalStaked variable is now updated in release() with the amountToRelease. This brings userTotalStaked and selfStakes/communityStakes accounting in sync in the release() flow. (https://github.com/gitcoinco/id-staking-v2/blob/7c19717aeab91a0166fc1ca50f443ee2ce7483f0/contracts/IdentityStaking.sol#L665C1-L665C48)
In addition, since userTotalStaked and selfStakes/communityStakes are in sync in all other flows (staking, withdrawing and slashing), the issue of accounting conflict caused by userTotalStaked is effectively mitigated.
Test
Attack vectors averted with mitigation. Added tests passed.
Conclusion
LGTM
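The invariant test recommended in the judge's comment, sketched as an added Python model (not code from this report or from IdentityStaking.sol): random call sequences check that userTotalStaked stays equal to the live stake and that the dedicated error never fires. StakingModel, AccountingUnderflow and fuzz are hypothetical names, and the model assumes self-stakes only, with slashing and withdrawing both debiting userTotalStaked.

```python
import random
from collections import defaultdict

class AccountingUnderflow(Exception):
    """Stands in for a custom error on the userTotalStaked subtraction."""

class StakingModel:
    """Simplified model (assumption): self-stakes only, no locks or time."""
    def __init__(self, release_updates_total):
        self.release_updates_total = release_updates_total  # False = before PR#8
        self.self_stakes = defaultdict(int)        # live stake per user
        self.slashed = defaultdict(int)            # slashed, awaiting release
        self.user_total_staked = defaultdict(int)  # aggregate counter
    def _debit_total(self, user, amount):
        # Checked subtraction: revert instead of going below zero.
        if self.user_total_staked[user] < amount:
            raise AccountingUnderflow(user)
        self.user_total_staked[user] -= amount
    def stake(self, user, amount):
        self.self_stakes[user] += amount
        self.user_total_staked[user] += amount
    def slash(self, user, amount):
        amount = min(amount, self.self_stakes[user])
        self._debit_total(user, amount)
        self.self_stakes[user] -= amount
        self.slashed[user] += amount
    def release(self, user, amount_to_release):
        amount_to_release = min(amount_to_release, self.slashed[user])
        self.slashed[user] -= amount_to_release
        self.self_stakes[user] += amount_to_release
        if self.release_updates_total:  # the mitigation: keep the counter in sync
            self.user_total_staked[user] += amount_to_release
    def withdraw(self, user, amount):
        amount = min(amount, self.self_stakes[user])
        self._debit_total(user, amount)
        self.self_stakes[user] -= amount

def fuzz(release_updates_total, steps=2000, seed=1):
    """Random call sequence; returns (invariant_breaks, underflow_reverts)."""
    rng, m, breaks, reverts = random.Random(seed), StakingModel(release_updates_total), 0, 0
    for _ in range(steps):
        user, amount = rng.choice("ab"), rng.randint(1, 100)
        try:
            rng.choice([m.stake, m.slash, m.release, m.withdraw])(user, amount)
        except AccountingUnderflow:
            reverts += 1
        breaks += any(m.user_total_staked[u] != m.self_stakes[u] for u in "ab")
    return breaks, reverts
```

With the release() update enabled, fuzz(True) reports no invariant breaks and no reverts; with it disabled, the same sequence drifts the counter below the live stake and the error starts firing.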