The finalizeUpdateVaultStakeInDSS function allows the operators to still register to the DSS even after unregistering from them after placing the vault stake update request.
This allows them to prevent from getting slashed from the operators and perform their tasks.
Then deploys their vault and creates a request to register on DSS.
Then unregisters from DSS, the operator will be able to perform this task as they have no vault staked to that DSS (only request is placed, but to the mapping corresponding to that DSS no vaults are added in the array).
Then call the finalizeUpdateVaultStakeInDSS to finally update their stake to the DSS.
Thus, operator have successfully put their stake to DSS, but are actually not registered.
Tools Used
Manual Review
Recommended Mitigation Steps
In the finalizeUpdateVaultStakeInDSS, add the following function check:
Lines of code
https://github.com/code-423n4/2024-07-karak/blob/main/src/Core.sol#L146
Vulnerability details
Impact
finalizeUpdateVaultStakeInDSS
function allows the operators to still register to the DSS even after unregistering from them after placing the vault stake update request.Proof of Concept
finalizeUpdateVaultStakeInDSS
to finally update their stake to the DSS.Tools Used
Manual Review
Recommended Mitigation Steps
In the
finalizeUpdateVaultStakeInDSS
, add the following function check:Assessed type
Context