Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Vault can be removed regardless of the active claim period

Summary

There is no active claim period check in the removeVault function, and the access control modifier is public in OperatorVSC.sol, allowing anyone to remove a vault regardless of its active claim period.

Vulnerability Details

In the queueVaultRemoval function, a vault should only be removed when the claim period is active. Yet this check can be bypassed because the function removeVault has only the public access modifier, which allows anyone to call the function, and there is no check inside this function on whether the vault that is to be removed is currently in an active claim period.

Impact

  • A vault can be removed regardless of whether the claim period of the vault is active or not, effectively nullifying the purpose of the queue.

  • Rewards and funds from the vaults can be claimed earlier, which could disrupt the claim process for operators that are entitled to claim during the active claim period.

Tools Used

Manual Review

Recommendations

Change the visibility of the removeVault function to private if this function is only meant to be called from the queueVaultRemoval function.

Alternatively, add the claimPeriodActive check inside the removeVault function.
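
The second recommendation as an added example: a publicly callable removal function that enforces the claim-period precondition itself instead of relying on its caller. This is not Stakelink's code and not part of the submission; the contract VaultRemovalQueue, the IClaimVault interface, the errors and the events are hypothetical, and only the names queueVaultRemoval, removeVault and claimPeriodActive come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface: only the name claimPeriodActive appears in the report.
interface IClaimVault {
    function claimPeriodActive() external view returns (bool);
}

// Illustrative model of a two-step removal queue. Caller authorisation for
// queueVaultRemoval is omitted here to keep the focus on the precondition.
contract VaultRemovalQueue {
    address[] public vaultsToRemove;

    error ClaimPeriodNotActive(address vault);
    error InvalidQueueIndex(uint256 index);

    event VaultRemovalQueued(address indexed vault);
    event VaultRemoved(address indexed vault);

    // Always queues the vault; removes it right away only if the claim
    // period is already active (assumed behaviour for this example).
    function queueVaultRemoval(address vault) external {
        vaultsToRemove.push(vault);
        emit VaultRemovalQueued(vault);
        if (IClaimVault(vault).claimPeriodActive()) {
            removeVault(vaultsToRemove.length - 1);
        }
    }

    // Public on purpose, so that a queued vault can be removed later.
    // Because anyone can call it, the precondition is checked here and
    // does not depend on which code path reached this function.
    function removeVault(uint256 queueIndex) public {
        if (queueIndex >= vaultsToRemove.length) revert InvalidQueueIndex(queueIndex);
        address vault = vaultsToRemove[queueIndex];
        if (!IClaimVault(vault).claimPeriodActive()) revert ClaimPeriodNotActive(vault);

        // Swap-and-pop: move the last entry into the freed slot, then shrink.
        vaultsToRemove[queueIndex] = vaultsToRemove[vaultsToRemove.length - 1];
        vaultsToRemove.pop();
        emit VaultRemoved(vault);
    }
}
```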

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

danzero Submitter
about 1 year ago
dimah7 Judge
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
