code-423n4 / 2024-09-karak-mitigation-findings


ADD-02 MitigationConfirmed #11

Open c4-bot-8 opened 2 months ago

c4-bot-8 commented 2 months ago

Lines of code

Vulnerability details

Comments

link

The ADD-02 fix modifies how validatorDetails.lastBalanceUpdateTimestamp is set in the validateWithdrawalCredentials function. Specifically, this fix updates validatorDetails.lastBalanceUpdateTimestamp to node.lastSnapshotTimestamp when node.currentSnapshotTimestamp is zero; otherwise, it uses node.currentSnapshotTimestamp.

    function validateWithdrawalCredentials(
        Storage storage self,
        address nodeOwner,
        bytes32 beaconStateRoot,
        BeaconProofs.ValidatorFieldsProof calldata validatorFieldsProof
    ) internal returns (uint256) {
        // ...
        validatorDetails.lastBalanceUpdateTimestamp =
            node.currentSnapshotTimestamp == 0 ? node.lastSnapshotTimestamp : node.currentSnapshotTimestamp;
        // ...
    }

This approach ensures that the lastBalanceUpdateTimestamp consistently reflects the latest relevant snapshot data. By using snapshot timestamps as the reference point, the implementation ensures the timestamp used for balance updates is always derived from the most current recorded state.

c4-judge commented 2 months ago

MiloTruck marked the issue as satisfactory