Open howlbot-integration[bot] opened 2 months ago
MiloTruck marked the issue as unsatisfactory: Out of scope
MiloTruck marked the issue as not a duplicate
MiloTruck removed the grade
MiloTruck marked the issue as duplicate of #61
MiloTruck changed the severity to QA (Quality Assurance)
MiloTruck marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-07-karak/blob/ab18e1f6c03e118158369527baa2487b2b4616b1/src/Core.sol#L130
Vulnerability details
Impact
Operators can request and finalize staking a vault more than once to a single DSS which will also allow spending unnecessary gas fee.
Proof of Concept
Add the below test function in
/test/core/operatorDSS.t.sol
and then run the test with this forge command.forge test --mt test_my_request_stake_update_request
Tools Used
Manual review
Recommended Mitigation Steps
Add a check for when the vault was already staked to a DSS by the operator.
Assessed type
Invalid Validation