aktech297
commented
1 month ago Hi @0xmahdirostami can you please share the code link where you see the revert.
if you can share the function call , that would be helpful to get a clear picture on this.
Open hats-bug-reporter[bot] opened 1 month ago
aktech297
commented
1 month ago Hi @0xmahdirostami can you please share the code link where you see the revert.
if you can share the function call , that would be helpful to get a clear picture on this.
0xmahdirostami
commented
1 month ago https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L2117 -> https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L2127 -> https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L1162 -> https://github.com/paritytech/polkadot-sdk/blob/d5fe478e4fe2d62b0800888ae77b00ff0ba28b28/substrate/frame/nomination-pools/src/lib.rs#L1188-L1196
Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0xb2f232676b39c9ab75a7783fa00e6d24d2df976858dd3d63f83f1d847d6babf9 Severity: medium
Description: Description Each agent must either unbond entirely or maintain at least the minimum required bond (
minimum_stake) after theunbondfunction. The current implementation indelegate_unbondingdoes not account for this requirement, and if one of the agents reverts inunbondfunction, it will lead to reverting insend_batch_unlock_requests. This issue leads to a denial of service (DOS) in thesend_batch_unlock_requestsfunction due to incorrect calculations indelegate_unbonding.Impact If the
send_batch_unlock_requestsfunction attempts to unbond an amount that results in an agent's stake being between 0 and 10 AZERO, it will cause the function to revert, leading to a DOS on thesend_batch_unlock_requestsfunctionality.Scenario there are 10 agents with a total of 1000AZERO. a user wants to unstake 200AZERO. after all, one agent will remain in a 0<<
minimum_stakerange and the function revert.Revised Code File (Optional) The solution is to check each agent in
delegate_unbondingto ensure that the remaining staked value after unbonding will either be 0 or at leastminimum_stake. If the unbonding amount would leave the staked value in the range of 0-10 AZERO, adjust the unbond amount to meet the requirements.