Validator can set fee to make profit by calling unbond_public and bond_validator in a loop
Summary
Validator can set fee to make profit by calling unbond_public and bond_validator in a loop
Vulnerability Detail
In https://github.com/sherlock-audit/2024-05-aleo/blob/main/snarkVM/synthesizer/program/src/resources/credits.aleo#L159
The Validator can call unbond to cancel the Validator when the Staker is not paying attention, and call bond_validator again to reactivate the Validator after 360 heights, but the commission is twice the original when rebonding_validator. Repeat the operation again in the early morning of the next day to adjust the commission to the original value. This action is difficult to detect except for checking the records on the chain. This will cause all Stakers of this Validator to have no income within 720 heights, and the commission during this period is also twice the original normal commission. This is obviously unreasonable
Impact
Stakers do not have a reasonable mechanism to protect their own income
Code Snippet
function bond_validator:
// Input the withdrawal address.
input r0 as address.public;
// Input the amount of microcredits to bond.
input r1 as u64.public;
// Input the commission percentage.
input r2 as u8.public;
function bond_public:
// Input the validator's address.
input r0 as address.public;
// Input the withdrawal address.
input r1 as address.public;
// Input the amount of microcredits to bond.
input r2 as u64.public;
Tool used
Manual Review
Recommendation
It takes a period for the commission adjustment to take effect, which is convenient for stakers to make choices
wl
Medium
Validator can set fee to make profit by calling unbond_public and bond_validator in a loop
Summary
Validator can set fee to make profit by calling unbond_public and bond_validator in a loop
Vulnerability Detail
In https://github.com/sherlock-audit/2024-05-aleo/blob/main/snarkVM/synthesizer/program/src/resources/credits.aleo#L159 The Validator can call unbond to cancel the Validator when the Staker is not paying attention, and call bond_validator again to reactivate the Validator after 360 heights, but the commission is twice the original when rebonding_validator. Repeat the operation again in the early morning of the next day to adjust the commission to the original value. This action is difficult to detect except for checking the records on the chain. This will cause all Stakers of this Validator to have no income within 720 heights, and the commission during this period is also twice the original normal commission. This is obviously unreasonable
Impact
Stakers do not have a reasonable mechanism to protect their own income
Code Snippet
function bond_validator: // Input the withdrawal address. input r0 as address.public; // Input the amount of microcredits to bond. input r1 as u64.public; // Input the commission percentage. input r2 as u8.public;
function bond_public: // Input the validator's address. input r0 as address.public; // Input the withdrawal address. input r1 as address.public; // Input the amount of microcredits to bond. input r2 as u64.public;
Tool used
Manual Review
Recommendation
It takes a period for the commission adjustment to take effect, which is convenient for stakers to make choices