Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Lack of Input Validation in OperatorVCS.setOperator

Summary

The setOperator function in the OperatorVCS contract allows setting the operator address for a vault but lacks input validation. Specifically, it does not check whether the new operator address is valid (e.g., not the zero address). This could lead to misconfiguration or unintended behavior.

Vulnerability Details

In OperatorVCS, the setOperator function:

function setOperator(uint256 _index, address _operator) external onlyOwner {
    IOperatorVault(address(vaults[_index])).setOperator(_operator);
}

While the setOperator function in OperatorVault does perform some checks:

function setOperator(address _operator) public onlyOwner {
    if (operator != address(0)) revert OperatorAlreadySet();
    if (_operator == address(0)) revert ZeroAddress();
    operator = _operator;
}

The OperatorVCS function does not validate the _index parameter to ensure it is within bounds of the vaults array. If an invalid index is provided, it could lead to an exception or incorrect behavior.

Impact

  • Misconfiguration: Setting an invalid operator address or incorrect vault index could render the vault unusable or misdirect rewards.

  • Operational Issues: The system may behave unexpectedly if operators are not set correctly.

  • Security Risks: Potential for setting malicious addresses if not properly validated.

Tools Used

Manual code review.

Recommendations

  • Validate Input Parameters:

    • In OperatorVCS.setOperator, add checks to ensure _index is within the bounds of the vaults array.

    • Validate that _operator is not the zero address.

  • Error Handling:

    • Provide informative error messages using require statements.

    • For example:

      require(_index < vaults.length, "Invalid vault index");
      require(_operator != address(0), "Operator address cannot be zero");

  • Consistent Validation:

    • Ensure that input validation is performed at all levels to prevent invalid data from propagating.
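
The recommended checks applied to a minimal model of the two contracts, as an added example that is not part of the original submission or the Stakelink code base. VaultModel, StrategyModel and InvalidVaultIndex are hypothetical names, ownership is reduced to a single immutable owner, and custom errors are used in place of require strings to match the style of the OperatorVault excerpt.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Minimal stand-ins for the contracts discussed above (assumed shapes).
contract VaultModel {
    address public immutable owner; // the strategy contract that deployed it
    address public operator;

    error OnlyOwner();
    error OperatorAlreadySet();
    error ZeroAddress();

    constructor() { owner = msg.sender; }

    // Same checks as the OperatorVault.setOperator excerpt on the page.
    function setOperator(address _operator) external {
        if (msg.sender != owner) revert OnlyOwner();
        if (operator != address(0)) revert OperatorAlreadySet();
        if (_operator == address(0)) revert ZeroAddress();
        operator = _operator;
    }
}

contract StrategyModel {
    address public immutable owner;
    VaultModel[] public vaults;

    error OnlyOwner();
    error InvalidVaultIndex(uint256 index, uint256 length); // hypothetical name
    error ZeroAddress();

    constructor(uint256 numVaults) {
        owner = msg.sender;
        for (uint256 i = 0; i < numVaults; ++i) vaults.push(new VaultModel());
    }

    function setOperator(uint256 _index, address _operator) external {
        if (msg.sender != owner) revert OnlyOwner();
        // Without this check, vaults[_index] still reverts on a bad index in
        // Solidity >=0.8, but with the generic Panic(0x32), not a named error.
        if (_index >= vaults.length) revert InvalidVaultIndex(_index, vaults.length);
        // Fail early here instead of relying on the vault's ZeroAddress check.
        if (_operator == address(0)) revert ZeroAddress();
        vaults[_index].setOperator(_operator);
    }
}
```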

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
