code-423n4 / 2024-07-karak-validation

Calling `validateSnapshotProofs(...)` Will Always Revert if Any Validator is Inactive #343

Closed c4-bot-5 closed 2 months ago

c4-bot-5 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-07-karak/blob/ab18e1f6c03e118158369527baa2487b2b4616b1/src/NativeVault.sol#L148

Vulnerability details

Description:

The final step to update the native node balance involves calling `validateSnapshotProofs(...)`, as shown below. This function can be called by anyone. However, the primary issue is that the function will revert if any validator is inactive. This will prevent any future calls to `startSnapshot(...)`.

```solidity
function validateSnapshotProofs(...)
{
    // ...
    for (uint256 i = 0; i < balanceProofs.length; i++) {
        NativeVaultLib.ValidatorDetails memory validatorDetails =
            node.validatorPubkeyHashToDetails[balanceProofs[i].pubkeyHash];

        if (validatorDetails.status != NativeVaultLib.ValidatorStatus.ACTIVE) revert InactiveValidator(); // @audit will revert if it is inactive
        // ...
    }
    // ...
}

function _startSnapshot(...)
    internal
{
    if (node.currentSnapshotTimestamp != 0) revert PendingIncompleteSnapshot(); // @audit as long as the snapshot is not completed (by deleting `node.currentSnapshotTimestamp` in `_updateSnapshot(...)`), the function will revert
    // ...
}
```

The failure to successfully execute `validateSnapshotProofs(...)` will prevent any future calls to `startSnapshot(...)`, thereby breaking the NativeVault functionality and stopping users from receiving potential rewards.

Tools Used

Manual review

Recommended Mitigation Steps

Assessed type

DoS
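
An added example, not code from the report or from the Karak repository: a simplified Python model of the two checks quoted in the issue above, useful for reasoning about when the pending snapshot can and cannot be completed. The completion rule (a `remaining_proofs` counter that clears the timestamp at zero), the `count_inactive` switch, and the sample validators are assumptions that do not appear on the page.

```python
# Simplified model of the two quoted checks; not the NativeVault source.
class Revert(Exception):
    pass

class Node:
    def __init__(self, validators, count_inactive):
        self.validators = dict(validators)    # pubkey hash -> "ACTIVE" / "INACTIVE"
        self.count_inactive = count_inactive  # assumption: which validators need a proof
        self.current_snapshot_timestamp = 0
        self.remaining_proofs = 0

    def start_snapshot(self, now):
        if self.current_snapshot_timestamp != 0:
            raise Revert("PendingIncompleteSnapshot")
        self.remaining_proofs = sum(
            1 for s in self.validators.values() if self.count_inactive or s == "ACTIVE")
        self.current_snapshot_timestamp = now

    def validate_snapshot_proofs(self, pubkey_hashes):
        # A revert undoes the whole call, so every entry is checked before state changes.
        for h in pubkey_hashes:
            if self.validators[h] != "ACTIVE":
                raise Revert("InactiveValidator")
        self.remaining_proofs -= len(pubkey_hashes)
        if self.remaining_proofs == 0:
            self.current_snapshot_timestamp = 0  # assumption: snapshot completes here

def try_call(fn, *args):
    """Return the revert reason, or None if the call succeeded."""
    try:
        fn(*args)
        return None
    except Revert as e:
        return str(e)

def scenario(count_inactive):
    # Constructed sample data: two active validators and one inactive one.
    node = Node({"0xaa": "ACTIVE", "0xbb": "ACTIVE", "0xcc": "INACTIVE"}, count_inactive)
    node.start_snapshot(100)
    mixed = try_call(node.validate_snapshot_proofs, ["0xaa", "0xcc"])
    active_only = try_call(node.validate_snapshot_proofs, ["0xaa", "0xbb"])
    restart = try_call(node.start_snapshot, 200)
    return mixed, active_only, restart
```

In this model the snapshot stays pending only when the remaining-proof count includes validators that can never pass the `ACTIVE` check, so that counter is the thing to inspect when triaging the report.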