issues
search
code-423n4
/
2024-07-karak-findings
0
stars
0
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
nodeOwners that deposited assets after slashing will account for the slashed assets
#105
howlbot-integration[bot]
closed
1 month ago
1
Error in Slashing calculation causes users to lose double the intended amount
#104
howlbot-integration[bot]
closed
1 month ago
1
The DSS can slash an operator even after they change their vault to be staked to another DSS
#103
howlbot-integration[bot]
closed
1 month ago
2
Slashing NativeVault will lead to locked ETH for the users
#102
howlbot-integration[bot]
opened
1 month ago
3
Upgraded Q -> 2 from #22 [1723479041527]
#100
c4-judge
closed
2 months ago
3
NodeOwners lose partial/full remaining stake after NativeVault suffers a slash request
#99
howlbot-integration[bot]
closed
2 months ago
1
Incorrect order of operations during a snapshot validation can result in stuck ETH due to an underflow.
#98
howlbot-integration[bot]
closed
2 months ago
1
QA Report
#97
howlbot-integration[bot]
opened
2 months ago
2
QA Report
#96
howlbot-integration[bot]
opened
2 months ago
2
Insufficient Funds for Slashing Due to Time Delay Could Render Slashing Mechanism Ineffective
#95
howlbot-integration[bot]
closed
2 months ago
1
Operators can stake a vault more than once to a single DSS
#94
howlbot-integration[bot]
opened
2 months ago
6
Protocol could be tricked by some tokens stemming from the fact that rebasing/FOT tokens are not handled correctly
#93
howlbot-integration[bot]
closed
1 month ago
13
WETH compatibility issue on Blast chain
#92
howlbot-integration[bot]
closed
2 months ago
3
Operators can finalize vault stake updates even when unregistered from DSS, disrupting DSS slashing ruquests
#91
howlbot-integration[bot]
closed
2 months ago
3
Missing access control in `Core::finalizeUpdateVaultStakeInDSS` allows unauthorized stake updates
#90
howlbot-integration[bot]
closed
2 months ago
1
Operator can bypass MIN_STAKE_UPDATE_DELAY by spamming requestUpdateVaultStakeInDSS()
#89
howlbot-integration[bot]
opened
2 months ago
7
Users that deposits after a DSS slash requested can lose funds unjustly
#88
howlbot-integration[bot]
closed
2 months ago
2
An Operator can deploy a vault with a controlled slash store to receive slashed Eth from NativeVault
#87
howlbot-integration[bot]
closed
2 months ago
1
DOSing of NativeVault deployment.
#86
howlbot-integration[bot]
closed
2 months ago
3
Operator can become one of the trusted roles
#85
howlbot-integration[bot]
closed
2 months ago
1
Operator can evade slashing by using unregistered slashHandler address
#84
howlbot-integration[bot]
closed
2 months ago
3
NodeOwners can evade DSS slash in NativeVault.
#83
howlbot-integration[bot]
closed
2 months ago
2
operator customizes the slashStore address, it results in slashAssets always reverting
#82
howlbot-integration[bot]
closed
2 months ago
3
The operator can use any arbitrary nodeImplementation and grant themselves the manager role
#81
howlbot-integration[bot]
closed
2 months ago
2
User can request update of the vault stake and then unregister before finalization
#80
howlbot-integration[bot]
closed
2 months ago
3
MIN_STAKE_UPDATE_DELAY for staking a vault may disincentivize users to stake
#79
howlbot-integration[bot]
closed
2 months ago
5
NativeVault's `MANAGER_ROLE` is untrusted and allows malicious operators to steal all funds from the native nodes
#78
howlbot-integration[bot]
closed
2 months ago
1
Operators can steal slashed funds
#77
howlbot-integration[bot]
closed
2 months ago
1
DSS can deposit assets into the vault by oneself, which can lead to vault users losing more slashed assets
#76
howlbot-integration[bot]
closed
2 months ago
7
Invalid slash store validation makes it possible for operator to dodge slashing
#75
howlbot-integration[bot]
closed
2 months ago
1
Attacker can DOS a new user in Native Restaking
#74
howlbot-integration[bot]
opened
2 months ago
2
During NativeVault deployment, insufficient validation of the `extraData` parameter allows for the theft of staker funds and prevention of the vault slashing.
#73
howlbot-integration[bot]
closed
2 months ago
1
The manager of a `NativeVault` can prevent a user to withdraw their funds during a certain time.
#72
howlbot-integration[bot]
closed
2 months ago
5
finalizeUpdateVaultStakeInDSS() can be called after an operator has unregistered from the DSS
#71
howlbot-integration[bot]
closed
2 months ago
1
A DSS cannot stop staking of a vault that doesn't meet its conditions
#70
howlbot-integration[bot]
opened
2 months ago
6
Operators can stake vaults without being registered in the DSS
#69
howlbot-integration[bot]
closed
2 months ago
1
If slashingHandler for ETH is changed in the Core.sol it will be impossible to slash any of the already deployed NativeVaults.
#68
howlbot-integration[bot]
closed
2 months ago
6
a malicious user can submit a invalid snapshot
#67
howlbot-integration[bot]
closed
2 months ago
3
MAX_SLASHING_PERCENT_WAD can be exceeded if a NativeVault's balance is unstable
#66
howlbot-integration[bot]
closed
2 months ago
11
The operator can still access `Core::finalizeUpdateVaultStakeInDSS()` even after unregistering from the DSS.
#65
howlbot-integration[bot]
closed
2 months ago
1
Front-running Vulnerability in NativeVault Snapshot Process
#64
howlbot-integration[bot]
closed
2 months ago
5
Race Condition between Withdrawals and Slashing
#63
howlbot-integration[bot]
closed
2 months ago
1
Operators can finalize their vault staking to DSS even after unregistering from them due to missing registered check for operator on DSS
#62
howlbot-integration[bot]
closed
2 months ago
1
Request update stake can be repeated for a vault to a DSS even when the vault is staked already
#61
howlbot-integration[bot]
opened
2 months ago
10
no checks to find whether any vault is pending for finailsed staking in a DAA while unregistering the DSS
#60
howlbot-integration[bot]
closed
2 months ago
5
New NodeOwners can be griefed by forcing them to provide proof for an empty snapshot without any shares increase/decrease on their node
#59
howlbot-integration[bot]
opened
2 months ago
5
It is possible to bypass validateWithdrawalCredentials
#58
howlbot-integration[bot]
closed
2 months ago
4
NativeVault.sol :: validateExpiredSnapshot() will always revert, making it impossible for users from initiating a new snapshot.
#57
howlbot-integration[bot]
closed
2 months ago
4
Slashing may sometimes fail for stETH vaults due to its 1-2 wei corner problem
#56
howlbot-integration[bot]
closed
2 months ago
5
The operator can create a `NativeVault` that can be silently unslashable.
#55
howlbot-integration[bot]
opened
2 months ago
6
Next