sherlock-audit / 2023-11-covalent-judging


ravikiran.web3 - BlockSpecimenProofChain::addBSPOperator() should add operator to only enabled validators, should revert for disabled validators #31

Closed sherlock-admin2 closed 9 months ago

sherlock-admin2 commented 9 months ago

ravikiran.web3

medium

BlockSpecimenProofChain::addBSPOperator() should add operator to only enabled validators, should revert for disabled validators

Summary

addBSPOperator() allows adding a new operator even to disabled validators, as it does not check the validator status.

Vulnerability Detail

addBSPOperator() does not validate that the validator is enabled before adding the new BSPOperator to it.

require(_validatorEnabled[validatorID], "Validator is not enabled");

Impact

Adding operators to validators that are disabled is not beneficial until they are enabled back. This will negatively impact the delegators.

Code Snippet

https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/BlockSpecimenProofChain.sol#L176-L185

Tool used

Manual Review

Recommendation

Add the validation below to addBSPOperator() to prevent adding a BSPOperator to a disabled validator.

require(_validatorEnabled[validatorID], "Validator is not enabled");

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid: admin function

noslav commented 9 months ago

not required by design

nevillehuang commented 8 months ago

Invalid, this is a governance-only function; it is trusted that they will vote to validate the appropriate operators.