Closed sherlock-admin3 closed 1 week ago
This isn't true. A validator can only be in the committee with 10M credits bonded to them. If that amount comes from a delegator and that delegator unbonds, the validator should be removed from the committee and not able to immediately rebond.
If a validator wants to guarantee that no delegator can unbond them, they need 10M credits and to call bond_validator
to ensure no delegator can put them below the 10M threshold.
knight110001
Medium
The unbond function should distinguish between calls made by the Validator and the Delegator when removing a validator.
Summary
The unbond function should distinguish between calls made by the Validator and the Delegator when removing a validator.
Vulnerability Detail
https://github.com/sherlock-audit/2024-05-aleo/blob/main/snarkVM/synthesizer/program/src/resources/credits.aleo#L600
The unbond function should distinguish whether it is called by the Validator or the Delegator when removing_validator. If it is called by the Validator, the current processing flow is fine. The funds of the Validator's Delegator need to be put into the unbond to ensure a height of 360 before continuing the bond_validator. However, if this function is called by an ordinary staker, the remove_validator can be removed, but once new Delegator funds come in, the Validator can bond_validator in time
Impact
There should be a difference between remove_validator caused by validator and staker calling unbond
Code Snippet
Tool used
Manual Review yes
Recommendation
When the caller is not a Validator, remove_validator should not be executed https://github.com/sherlock-audit/2024-05-aleo/blob/main/snarkVM/synthesizer/program/src/resources/credits.aleo#L600-605