Dobry - Missing check for `validatorId`

[sherlock-admin2]

Dobry

medium

Missing check for validatorId

med

Summary

The getValidatorCompoundedStakingData does not check if the validatorId is < than validatorsN.

Vulnerability Detail

getValidatorCompoundedStakingData function in OperationalStaking.sol should check if the passed parameter (validatorId) is less than the validators Number ( validatorsN )

Impact

This may lead to an unexpected behaviour in the first line of the function - Validator storage v = _validators[validatorId];

Code Snippet

    function getValidatorCompoundedStakingData(uint128 validatorId) external view returns (uint128 staked, uint128 delegated) {
        Validator storage v = _validators[validatorId];
        // this includes staked + compounded rewards
        staked = _sharesToTokens(v.stakings[v._address].shares, v.exchangeRate);
        // this includes delegated + compounded rewards
        delegated = _sharesToTokens(v.totalShares, v.exchangeRate) - staked;
        return (staked, delegated);
    }

Tool used

Manual Review

Recommendation

Add a require statement on the first line of the function:

    function getValidatorCompoundedStakingData(uint128 validatorId) external view returns (uint128 staked, uint128 delegated) {
+      require(validatorId < validatorsN, "Invalid validator");
        Validator storage v = _validators[validatorId];
        // this includes staked + compounded rewards
        staked = _sharesToTokens(v.stakings[v._address].shares, v.exchangeRate);
        // this includes delegated + compounded rewards
        delegated = _sharesToTokens(v.totalShares, v.exchangeRate) - staked;
        return (staked, delegated);
    }

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

[noslav]

fixed by input validation for validator admin actions - sa77

[nevillehuang]

Invalid, view function not used anywhere else in the contract, so this is purely a sanity check