Open hats-bug-reporter[bot] opened 1 month ago
Hi @0xmahdirostami can you please share the code link where you see the revert.
if you can share the function call , that would be helpful to get a clear picture on this.
https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L2117 -> https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L2127 -> https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L1162 -> https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L1188-L1196
Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0xb2f232676b39c9ab75a7783fa00e6d24d2df976858dd3d63f83f1d847d6babf9 Severity: medium
Description: Description Each agent must either unbond entirely or maintain at least the minimum required bond (
minimum_stake
) after theunbond
function. The current implementation indelegate_unbonding
does not account for this requirement, and if one of the agents reverts inunbond
function, it will lead to reverting insend_batch_unlock_requests
. This issue leads to a denial of service (DOS) in thesend_batch_unlock_requests
function due to incorrect calculations indelegate_unbonding
.Impact If the
send_batch_unlock_requests
function attempts to unbond an amount that results in an agent's stake being between 0 and 10 AZERO, it will cause the function to revert, leading to a DOS on thesend_batch_unlock_requests
functionality.Scenario there are 10 agents with a total of 1000AZERO. a user wants to unstake 200AZERO. after all, one agent will remain in a 0<<
minimum_stake
range and the function revert.Revised Code File (Optional) The solution is to check each agent in
delegate_unbonding
to ensure that the remaining staked value after unbonding will either be 0 or at leastminimum_stake
. If the unbonding amount would leave the staked value in the range of 0-10 AZERO, adjust the unbond amount to meet the requirements.