unbond_public does not handle 0 credit unbonding correctly
Summary
unbond_public does not have a check for 0 microcredit unbonding. This will make a wasteful execution and a 0 microcredit entry for the delegator or valdiator into the unbonding, preventing anyone from being able to bond to them until the 360 block window has passed and claim_unbond_public has been called.
Vulnerability Detail
unbond_public does not have a check for 0 microcredit unbonding.
If a validator or delegator makes a call to this function on themselves with 0 microcredits it will not change the public state of the bonded credits but will make a entry into the global unbonding state for that entity with the following values:
unbond_state = (0u64, block_height+360u32).
If this is done for a validator then no one will be able to delegator the the validator until the unbonding window is complete AND someone has called claim_unbond_public, even though the validator is not unbonding.
If this is done for a delegator or a validator during another unbond window then the timer will be reset for the previous unbond window even though no new funds are being unbonded. A validator could do this to grieve one of its delegators if it is unhappy that withdrew some delegated funds.
Impact
Validators will be unable to be bonded for the unbond window and until claim_unbond_public is called even though they are not unbonding anything. Delegtators currently withdrawaling could be grieved by validators that can reset their unbonding timer.
evanmarshall
commented
1 week ago
dtheo
Medium
unbond_publicdoes not handle 0 credit unbonding correctlySummary
unbond_publicdoes not have a check for 0 microcredit unbonding. This will make a wasteful execution and a 0 microcredit entry for the delegator or valdiator into theunbonding, preventing anyone from being able to bond to them until the 360 block window has passed andclaim_unbond_publichas been called.Vulnerability Detail
unbond_publicdoes not have a check for 0 microcredit unbonding.If a validator or delegator makes a call to this function on themselves with 0 microcredits it will not change the public state of the bonded credits but will make a entry into the global unbonding state for that entity with the following values:
unbond_state = (0u64, block_height+360u32).If this is done for a validator then no one will be able to delegator the the validator until the unbonding window is complete AND someone has called
claim_unbond_public, even though the validator is not unbonding.If this is done for a delegator or a validator during another unbond window then the timer will be reset for the previous unbond window even though no new funds are being unbonded. A validator could do this to grieve one of its delegators if it is unhappy that withdrew some delegated funds.
Impact
Validators will be unable to be bonded for the unbond window and until
claim_unbond_publicis called even though they are not unbonding anything. Delegtators currently withdrawaling could be grieved by validators that can reset their unbonding timer.Code Snippet
credits.aleo:unbond_public
I have also created an annotated pseudo code version of
unbond_publicto make it easier to read.Tool used
Manual Review
Recommendation
Add logic to prevent a 0 microcredit unbond entry into the global
unbonding[]map.Duplicate of #23