Description: The nomination_pools module uses the staked variable to determine whether an agent can join a nomination pool. However, the reduction of self.staked occurs in the start_unbond function, not in the withdraw_unbonded function. This leads to an inconsistency where an agent may attempt to rejoin a pool after being unbonded but not withdrawn (the agent is reaped in the withdraw step, not the unbond step), causing a potential denial-of-service (DOS) vulnerability in the stake function.
Impact: DOS vulnerability in the stake function
Scenario:
An agent initially joins a nomination pool.
The agent is unbonded but not withdrawn, resulting in staked = 0.
The agent attempts to rejoin the pool in the next deposit and it reverts.
Revised Code File (Optional): withdraw_unbonded:
@@ -108,7 +111,9 @@ mod nomination_agent {
if Self::env().caller() != vault {
return Err(RuntimeError::Unauthorized);
}
-
+ if self.staked == 0 {
+ self.joined = 0
+ }
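Review bot: the reset `if self.staked == 0 { self.joined = 0 }` sits directly after the caller check, before any withdrawal call is visible in this hunk, so `joined` would be cleared even if the withdrawal that follows fails or has nothing to withdraw yet. Consider moving the reset to after the withdrawal has succeeded, and add a comment stating why `staked == 0` means the agent is no longer a pool member at that point. The assignment also lacks a terminating semicolon, and a regression test covering the join, unbond, withdraw, rejoin sequence would document the intended behaviour.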
This revision ensures that the agent does not attempt to rejoin a pool if they have been unbonded but not withdrawn, preventing the DOS vulnerability in the stake function.
Github username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0x588cdd2499992876146eabbb7a4c9f876c858fc05954ae02d5f28df87a0c921b
Severity: medium
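The scenario in the report, as an added example that is not the project's code: a constructed Rust model in which the pool keeps a member until withdrawal, while the agent picks between joining and bonding extra. `Pool`, `Agent`, `deposit` and the `use_flag` switch are hypothetical names, and branching on `joined` is an assumption about how the flag reset in the patch is consumed.

```rust
// Constructed model; every name here is hypothetical, not the audited contract.
#[derive(Default)]
pub struct Pool { member: bool }

impl Pool {
    fn join(&mut self) -> Result<(), &'static str> {
        if self.member { return Err("already a pool member"); }
        self.member = true;
        Ok(())
    }
    fn bond_extra(&mut self) -> Result<(), &'static str> {
        if self.member { Ok(()) } else { Err("not a pool member") }
    }
    // The member is reaped only when nothing remains after withdrawal.
    fn withdraw(&mut self, remaining: u128) {
        if remaining == 0 { self.member = false; }
    }
}

#[derive(Default)]
pub struct Agent { pub staked: u128, pub joined: bool, pool: Pool }

impl Agent {
    /// use_flag = false: branch on `staked` (the reported behaviour).
    /// use_flag = true: branch on a flag that is cleared only on withdraw.
    pub fn deposit(&mut self, amount: u128, use_flag: bool) -> Result<(), &'static str> {
        let first = if use_flag { !self.joined } else { self.staked == 0 };
        if first { self.pool.join()? } else { self.pool.bond_extra()? }
        self.joined = true;
        self.staked += amount;
        Ok(())
    }
    pub fn start_unbond(&mut self, amount: u128) {
        self.staked -= amount; // staked drops before funds are withdrawn
    }
    pub fn withdraw_unbonded(&mut self) {
        self.pool.withdraw(self.staked);
        if self.staked == 0 { self.joined = false; } // mirrors the patch
    }
}

fn main() {
    let mut a = Agent::default();
    a.deposit(100, false).unwrap();
    a.start_unbond(100);
    println!("{:?}", a.deposit(50, false)); // join rejected until withdrawal
}
```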