search

sherlock-audit / 2023-11-covalent-judging

3 stars 2 forks source link

qmdddd - The function `setValidatorAddress` will cause the total amount of the validator's stake to exceed `validatorMaxStake`, thereby violating the protocol. #71

Closed sherlock-admin2 closed 9 months ago

sherlock-admin2 commented 9 months ago

qmdddd

medium

The function setValidatorAddress will cause the total amount of the validator's stake to exceed validatorMaxStake, thereby violating the protocol.

Summary

The function setValidatorAddress will cause the total amount of the validator's stake to exceed validatorMaxStake, thereby violating the protocol.

Vulnerability Detail

In the function setValidatorAddress, the validator can change the address. At the same time, the stake amount of the original validator is accumulated to the new address.

v.stakings[newAddress].shares += v.stakings[msg.sender].shares;
v.stakings[newAddress].staked += v.stakings[msg.sender].staked;

According to the protocol rules, the total stake amount of the validator cannot exceed validatorMaxStake. However, no inspections were carried out here, leading to possible violations of the protocol.

Impact

The total stake amount of the validator can exceed validatorMaxStake.

Code Snippet

https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L689-L711

https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L429

Tool used

Manual Review

Recommendation

Add corresponding checks as shown in function _stake.

require(newStaked <= validatorMaxStake, "Validator max stake exceeded");

Duplicate of #66

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: false under scenario B of the duplication rules thus making it high as a duplicate of issue 066; high(1)