Liquid Staking

Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Submission Details
Severity: medium
Invalid

Any User may request to delete vault or delete vault on operatorVCS

Vulnerability Details

The Contract OperatorVCS contains two functions for vault but no access control.

it allows any user request to delete the vault then when vault is requested the user may use other function to delete the vault

function queueVaultRemoval(uint256 _index) external
function removeVault(uint256 _queueIndex) public

Impact

  1. Loss of funds or assets

  2. Attacker may griefing the users

Tools Used

Visual Studio Code - Manual Review

Recommendations

Use OnlyOwner (Modifier) For removeVault

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.