Description
The minimum stake that can go through a nomination pool is 10 AZERO. This minimum stake requirement is enforced in the stake function as shown here. However, there is no such check in the nomination_agent::compound function, which can cause the entire compound function to revert if the amount is below the minimum stake. This can lead to a Denial of Service (DoS) in the compound function.
Impact
This issue can cause the compound function to revert, leading to a Denial of Service (DoS) in the compound operation, which affects the normal functioning of the contract.
Proof of Concept (PoC)
The following code snippet shows the section of the nomination_agent::compound function where the issue occurs:
    let incentive = balance * incentive_percentage as u128 / BIPS;
    let compound_amount = balance - incentive;
    self.staked += compound_amount;
    // Bond AZERO to nomination pool
    self.env()
        .call_runtime(&RuntimeCall::NominationPools(
            NominationCall::BondExtra {
                extra: BondExtra::FreeBalance {
                    balance: compound_amount,
                }
            }
        ))?;
Revised Code File (Optional)
To fix this issue, add a check to ensure that compound_amount meets the minimum stake requirement before proceeding with the bonding operation:
let incentive = balance * incentive_percentage as u128 / BIPS;
let compound_amount = balance - incentive;
+if compound_amount >= minimum_stake {
self.staked += compound_amount;
// Bond AZERO to nomination pool
self.env()
.call_runtime(&RuntimeCall::NominationPools(
NominationCall::BondExtra {
extra: BondExtra::FreeBalance {
balance: compound_amount,
}
}
))?;
+}
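Review bot: In the added `if compound_amount >= minimum_stake {` line, `minimum_stake` is not defined anywhere in the snippet; it should be bound to the same 10 AZERO limit the stake function enforces so the two checks cannot drift apart. The skipped branch also returns silently with `incentive` already computed above it, so the case where nothing was bonded should be documented or given a distinct return value, letting callers tell a no-op from a successful compound.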
By adding this check, you can prevent the compound function from reverting due to insufficient stake amounts, thus avoiding a DoS scenario.
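The failure mode and the guard, as an added example in plain Rust (not code from the report or the project). It assumes 12-decimal AZERO, a `BIPS` denominator of 10,000, a hypothetical `u16` incentive parameter, and a mock `bond_extra` that rejects amounts under the minimum, which is the behaviour the report describes.

```rust
const AZERO: u128 = 1_000_000_000_000; // assumption: 12 decimals
const MINIMUM_STAKE: u128 = 10 * AZERO; // minimum stated in the report
const BIPS: u128 = 10_000; // assumption: basis-point denominator

#[derive(Debug, PartialEq)]
enum Error { BelowMinimumStake }

// Hypothetical stand-in for the NominationPools runtime call.
fn bond_extra(amount: u128) -> Result<(), Error> {
    if amount < MINIMUM_STAKE { Err(Error::BelowMinimumStake) } else { Ok(()) }
}

struct Agent { staked: u128 }

impl Agent {
    // Mirrors the reported code path: bonds unconditionally, so `?` aborts the call.
    // State is updated only after a successful bond to model the on-chain rollback.
    fn compound_unchecked(&mut self, balance: u128, incentive_bips: u16) -> Result<u128, Error> {
        let incentive = balance * incentive_bips as u128 / BIPS;
        let compound_amount = balance - incentive;
        bond_extra(compound_amount)?;
        self.staked += compound_amount;
        Ok(compound_amount)
    }

    // Mirrors the proposed fix: skip bonding when the amount is under the minimum.
    fn compound_guarded(&mut self, balance: u128, incentive_bips: u16) -> Result<u128, Error> {
        let incentive = balance * incentive_bips as u128 / BIPS;
        let compound_amount = balance - incentive;
        if compound_amount < MINIMUM_STAKE {
            return Ok(0); // nothing bonded, call still succeeds
        }
        bond_extra(compound_amount)?;
        self.staked += compound_amount;
        Ok(compound_amount)
    }
}

fn main() {
    let mut agent = Agent { staked: 0 };
    // Constructed input: exactly 10 AZERO with a 0.5% incentive leaves 9.95 AZERO to bond.
    println!("unchecked: {:?}", agent.compound_unchecked(10 * AZERO, 50));
    println!("guarded:   {:?}", agent.compound_guarded(10 * AZERO, 50));
    println!("guarded:   {:?}", agent.compound_guarded(20 * AZERO, 50));
    println!("staked:    {}", agent.staked);
}
```

The first case shows why the comparison has to be made on `compound_amount` rather than on `balance`: a balance of exactly 10 AZERO still falls under the minimum once the incentive is deducted.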
Github username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0x109b9c70352753d22fcdd5f5ccae2d8b22a9b8be3293ebcf259c396fbed7008e
Severity: medium