The original implementation of the _decreaseBalance() function of the NativeVault could lead to an underflow revert when the sum of the Karak and BeaconChain slashing exceeded the node owner's total restaked balance. In a scenario where Alice had 32 ETH restaked in the NativeVault, the NativeVault was slashed for 2 ETH, and Alice's validator subsequently lost all of its funds, a call to _decreaseBalance() would try to burn shares corresponding to 32 ETH, while Alice's shares only amount to 30 ETH.
Mitigation
FIX
The amount of shares to burn is now limited to at most balanceOf(user). This accounts for a situation where Karak slashes an operator for X amount, followed by beacon chain slashing for Y amount, and X + Y exceeds the node owner's total restaked balance. The mitigation resolved the original issue.
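The revert and the cap described above, as an added example that is not the Karak NativeVault code. The contract, its function names (other than balanceOf), the pro-rata share price with round-up, and the assumption that Karak slashing removes assets without burning shares are all hypothetical; asset-side bookkeeping after the burn is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Simplified model of the share burn only; NOT the Karak NativeVault code.
// Assumptions: pro-rata share price, Karak slashing removes assets without
// burning shares, asset-side bookkeeping after the burn is left out.
contract ShareBurnModel {
    uint256 public totalAssets; // wei backing all shares
    uint256 public totalSupply; // shares in existence
    mapping(address => uint256) public balanceOf;
    function deposit(address user, uint256 assets) external {
        uint256 shares = totalSupply == 0 ? assets : (assets * totalSupply) / totalAssets;
        balanceOf[user] += shares;
        totalSupply += shares;
        totalAssets += assets;
    }

    function karakSlash(uint256 assets) external { totalAssets -= assets; }

    // Shares needed to cover `assets` at the current price, rounded up.
    function previewWithdraw(uint256 assets) public view returns (uint256) {
        return (assets * totalSupply + totalAssets - 1) / totalAssets;
    }

    // Behaviour described for the original code: checked subtraction panics (0x11).
    function decreaseBalanceUncapped(address user, uint256 assets) external {
        uint256 shares = previewWithdraw(assets);
        balanceOf[user] -= shares;
        totalSupply -= shares;
    }

    // Mitigated form: never burn more than the user holds.
    function decreaseBalanceCapped(address user, uint256 assets) external {
        uint256 shares = previewWithdraw(assets);
        uint256 held = balanceOf[user];
        if (shares > held) shares = held;
        balanceOf[user] -= shares;
        totalSupply -= shares;
    }

    // Constructed scenario from the text: 32 ETH restaked, 2 ETH Karak slash, validator drained.
    function scenario() external returns (bool uncappedReverted, uint256 sharesLeft) {
        address alice = address(0xA11CE); // constructed address
        this.deposit(alice, 32 ether);
        this.karakSlash(2 ether);
        try this.decreaseBalanceUncapped(alice, 32 ether) {} catch { uncappedReverted = true; }
        this.decreaseBalanceCapped(alice, 32 ether);
        sharesLeft = balanceOf[alice];
    }
}
```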
Lines of code
Vulnerability details
C4 Issue:
M-02: https://github.com/code-423n4/2024-07-karak-findings/issues/31
Conclusion
LGTM