The createStakingInstance function is to create and initialize new staking proxy instances, but the function does not adequately verify that the new instance is fully operational after initialization. and this oversight can lead to the deployment of instances that are incapable of performing their intended functions, resulting in potential disruptions in staking operations here is the vulnerable part :
Users might deposit funds into a staking instance that doesn't function correctly, and leading to their funds being locked or inaccessible. This can result in potential loss of funds.
Tools Used
manual review
Recommended Mitigation Steps
it's need to check that the instance is functional after initialization by attempting to call a known method (emissionsAmount). If this method call fails, it indicates that the instance is not properly set up, and the function revert
Lines of code
https://github.com/code-423n4/2024-05-olas/blob/3ce502ec8b475885b90668e617f3983cea3ae29f/registries/contracts/staking/StakingFactory.sol#L215-L216
Vulnerability details
Description:
The createStakingInstance function is to create and initialize new staking proxy instances, but the function does not adequately verify that the new instance is fully operational after initialization. and this oversight can lead to the deployment of instances that are incapable of performing their intended functions, resulting in potential disruptions in staking operations here is the vulnerable part :
Impact
Users might deposit funds into a staking instance that doesn't function correctly, and leading to their funds being locked or inaccessible. This can result in potential loss of funds.
Tools Used
manual review
Recommended Mitigation Steps
it's need to check that the instance is functional after initialization by attempting to call a known method (emissionsAmount). If this method call fails, it indicates that the instance is not properly set up, and the function revert
Assessed type
Other