4b - In `OperationalStaking.sol` there is no penalisation of Network Operators that are dishonest or malicious this can result in misbehaviour of Network Operators

[sherlock-admin2]

4b

high

In OperationalStaking.sol there is no penalisation of Network Operators that are dishonest or malicious this can result in misbehaviour of Network Operators

Summary

In the docs, the staking section states that whenever a Network Operator is dishonest or has malicious intent, this Network Operator is penalized by slashing a percentage of their staked amount. But in this contract there is no mechanism or logic like that

Vulnerability Detail

This contract does not have any logic that penalizes network operators who are dishonest or have malicious intent without interfering with the operation of the protocol as said in the documentation,

The only function that exists that penalizes network operators is freezeValidator which interferes with the functionality of the protocol, Imagine a number of operators are frozen at the same time this can interfere with the functionality of the protocol or even lead to a DoS.

Impact

• Network operators might misbehave frequently.
• Researchers might be misled from the docs.

Code Snippet

The freezeValidator function: https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L877-L885

Tool used

Manual Review

Recommendation

The slashing logic must be implemented into the staking contract or the documentation needs to be updated with current penalizing mechanism.

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

[nevillehuang]

Invalid, future integration and design opinions, so out of scope.