Potential Exploit with unbond_public Allowing Commission Change without Notice
Summary
The unbond_public and bond_validator functions allows a validator to change their commission by unbonding and then re-bonding, without notifying delegators, only need wait 360 blocks.
Vulnerability Detail
A validator can change their commission percentage by using unbond_public followed by bond_validator. Delegators are not automatically notified of this change unless they actively check, potentially leading to trust and operational issues.
Impact
Delegators may be unaware of commission changes, leading to possible financial losses and trust issues within the system. A validator could suddenly increase their commission, causing unexpected losses for the delegators.
Implement an interval restriction on validator unbonding to prevent frequent changes to commission percentages. This can ensure that changes are made transparently and give delegators time to react.
snowtigersoft
High
Potential Exploit with unbond_public Allowing Commission Change without Notice
Summary
The
unbond_publicandbond_validatorfunctions allows a validator to change their commission by unbonding and then re-bonding, without notifying delegators, only need wait 360 blocks.Vulnerability Detail
A validator can change their commission percentage by using
unbond_publicfollowed bybond_validator. Delegators are not automatically notified of this change unless they actively check, potentially leading to trust and operational issues.Impact
Delegators may be unaware of commission changes, leading to possible financial losses and trust issues within the system. A validator could suddenly increase their commission, causing unexpected losses for the delegators.
Code Snippet
https://github.com/sherlock-audit/2024-05-aleo/blob/main/snarkVM/synthesizer/program/src/resources/credits.aleo#L159
https://github.com/sherlock-audit/2024-05-aleo/blob/main/snarkVM/synthesizer/program/src/resources/credits.aleo#L420
Tool used
Manual Review
Recommendation
Implement an interval restriction on validator unbonding to prevent frequent changes to commission percentages. This can ensure that changes are made transparently and give delegators time to react.