Open hats-bug-reporter[bot] opened 1 month ago
@bgibers how long do you expect the DOS here? IMO, it would hardly be a few minutes.
Note, agents are added by the admin and they can be removed whenever needed by the admin.
The possibility of DOS is very low since anybody can stake and an agent is allocated with funds and they join the pool.
@bgibers looking for your comments on this
Addressed in kintsu-contracts@5fe996
Github username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0x588cdd2499992876146eabbb7a4c9f876c858fc05954ae02d5f28df87a0c921b
Severity: medium
Description: The `delegate_compound` function iterates over all agents and calls `compound` on them. However, if there is a revert in one of the agents' compound calls, the entire compound function will revert. The `nomination_agent::compound` function might revert if an agent has not yet joined the nomination pool or has already reaped from it.

Impact: DOS vulnerability in the `compound` function.

Scenario: If one of the agents has not yet joined the nomination pool or has already reaped from it, the `delegate_compound` function will revert.

Revised Code File (Optional):
2 ways:
first:
By adding a check to ensure that the agent has joined the nomination pool before calling the `compound` function, potential DOS vulnerabilities in the `delegate_compound` function can be mitigated.
second:
just like withdraw function, do not revert the call.
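
The two mitigations suggested above, shown side by side with the reported fail-fast loop. This is an added example, not part of the original report and not Kintsu's code: it is a plain-Rust model (no ink!), and `PoolState`, `Agent`, `CompoundError`, `delegate_compound_strict`, `delegate_compound_tolerant` and the sample agents are assumptions made for illustration.

```rust
// Simplified off-chain model in plain Rust (assumption): not ink!, not Kintsu's code.
#[derive(Clone, Copy, PartialEq, Debug)]
enum PoolState { NotJoined, Joined, Reaped }
#[derive(Debug, PartialEq)]
enum CompoundError { NotInPool }
#[derive(Clone, Debug)]
struct Agent { id: u32, state: PoolState, staked: u128, pending_rewards: u128 }
impl Agent {
    // Stand-in for nomination_agent::compound: fails unless the agent is an active pool member.
    fn compound(&mut self) -> Result<u128, CompoundError> {
        if self.state != PoolState::Joined { return Err(CompoundError::NotInPool); }
        let rewards = std::mem::take(&mut self.pending_rewards);
        self.staked += rewards;
        Ok(rewards)
    }
}

// Reported behaviour: the first failing agent aborts the whole call.
fn delegate_compound_strict(agents: &mut Vec<Agent>) -> Result<u128, CompoundError> {
    let mut work = agents.clone(); // a revert discards every state change, so work on a copy
    let mut total = 0;
    for a in work.iter_mut() { total += a.compound()?; }
    *agents = work;
    Ok(total)
}

// Both suggested fixes: healthy agents still compound, the rest are reported by id.
fn delegate_compound_tolerant(agents: &mut [Agent]) -> (u128, Vec<u32>) {
    let (mut total, mut skipped) = (0, Vec::new());
    for a in agents.iter_mut() {
        let joined = a.state == PoolState::Joined; // first fix: check membership up front
        let result = if joined { a.compound() } else { Err(CompoundError::NotInPool) };
        match result { Ok(r) => total += r, Err(_) => skipped.push(a.id) } // second fix: record, do not revert
    }
    (total, skipped)
}

fn sample_agents() -> Vec<Agent> { // constructed sample data
    vec![
        Agent { id: 1, state: PoolState::Joined, staked: 1_000, pending_rewards: 10 },
        Agent { id: 2, state: PoolState::NotJoined, staked: 0, pending_rewards: 0 },
        Agent { id: 3, state: PoolState::Reaped, staked: 0, pending_rewards: 0 },
        Agent { id: 4, state: PoolState::Joined, staked: 500, pending_rewards: 5 },
    ]
}
fn main() {
    println!("strict:   {:?}", delegate_compound_strict(&mut sample_agents()));
    println!("tolerant: {:?}", delegate_compound_tolerant(&mut sample_agents()));
}
```

Returning the skipped agent ids lets the caller log or emit them, so an agent that never joined or has already reaped stays visible instead of being silently ignored.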