Bauer - The `enableValidator()` function does not check if the stake amount exceeds the maximum value

[sherlock-admin]

Bauer

medium

The enableValidator() function does not check if the stake amount exceeds the maximum value

Summary

In the enableValidator() function, as the exchangeRate might have changed, the protocol does not check if the stake amount exceeds the maximum value.

Vulnerability Detail

In the enableValidator() function, the protocol only checks if the stake amount is greater than validatorEnableMinStake but does not check for validatorMaxStake, as exchangeRate() might have changed.

    function enableValidator(uint128 validatorId) external onlyStakingManagerOrOwner {
        require(validatorId < validatorsN, "Invalid validator");
        Validator storage v = _validators[validatorId];

        if (v.disabledAtBlock == 0) {
            // if validator is already enabled, succeed quietly
            return;
        }

        uint128 staked = _sharesToTokens(v.stakings[v._address].shares, v.exchangeRate);

        require(staked >= validatorEnableMinStake, "Validator is insufficiently staked");

        v.disabledAtBlock = 0;
        emit ValidatorEnabled(validatorId);
    }

Impact

May exceed the maximum mint amount.

Code Snippet

https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L333-L348

Tool used

Manual Review

Recommendation

Check if staked is less than the maximum value.

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid: admin function

[noslav]

check is done in _stake

[nevillehuang]

Invalid, this check is performed in _stake() as seen here. Additionally, this is purely a sanity check since this is a trusted admin action, wherein they can always pre-check a validators balance before hand.