search

code-423n4 / 2024-03-gitcoin-mitigation-findings

0 stars 0 forks source link

H-01 MitigationConfirmed #9

Open c4-bot-4 opened 7 months ago

c4-bot-4 commented 7 months ago

Lines of code

Vulnerability details

Mitigation comment

The sponsor correctly mitigated issue H-01 by adding a tracker for the mapping userTotalStaked which successfully adds the return amount of released funds back to the staker. This mapping wasn't previously updated to correspondent the returned amount of funds as a result even after the funds were released, they were not going to be withdrawable and would be permanently stuck in the system.

  function release(
    address staker,
    address stakee,
    uint88 amountToRelease,
    uint16 slashRound
  ) external onlyRole(RELEASER_ROLE) whenNotPaused {
    if (slashRound < currentSlashRound - 1) {
      revert RoundAlreadyBurned();
    }

    if (stakee == address(0)) {
      revert AddressCannotBeZero();
    }

    if (staker == address(0)) {
      revert AddressCannotBeZero();
    }

+   userTotalStaked[staker] += amountToRelease;
    if (staker == stakee) {
      if (amountToRelease > selfStakes[staker].slashedAmount) {
        revert FundsNotAvailableToRelease();
      }

      if (selfStakes[staker].slashedInRound != slashRound) {
        revert FundsNotAvailableToReleaseFromRound();
      }

      selfStakes[staker].slashedAmount -= amountToRelease;
      selfStakes[staker].amount += amountToRelease;
    } else {
      if (amountToRelease > communityStakes[staker][stakee].slashedAmount) {
        revert FundsNotAvailableToRelease();
      }

      if (communityStakes[staker][stakee].slashedInRound != slashRound) {
        revert FundsNotAvailableToReleaseFromRound();
      }

      communityStakes[staker][stakee].slashedAmount -= amountToRelease;
      communityStakes[staker][stakee].amount += amountToRelease;
    }

    totalSlashed[slashRound] -= amountToRelease;

    emit Release(staker, stakee, amountToRelease);
  }

l would only suggest the userTotalStaked value to be updated at the end of the function alongside the totalSlashed one, but that's more like a design choice rather than issue in my opinion.

    totalSlashed[slashRound] -= amountToRelease;
+   userTotalStaked[staker] += amountToRelease;

    emit Release(staker, stakee, amountToRelease);
  }
c4-judge commented 7 months ago

GalloDaSballo marked the issue as satisfactory