OperatorVCS and OperatorVault contracts cannot be upgraded because a bad reinitializer version number will revert the upgrade.
The OperatorVCS and OperatorVault are upgradeable contracts that are meant to be upgrades for the contracts currently deployed on-chain. These contracts use the reinitializer modifier from the OpenZeppelin library because the contracts currently on-chain were themselves an upgrade of the first contracts deployed.
The contracts under audit set the reinitializer version to 3, meaning that these contracts would be the 3rd upgrade in the system.
The reinitializer modifier requires that the current _initializing variable is false and that the current _initialized variable is less than the version being used in the contracts; if not, it reverts the transaction.
The contracts under audit use version number 3 in the OperatorVCS and OperatorVault contracts, but the OperatorVCS and OperatorVault contracts currently deployed on-chain were already deployed using version number 3, as you can see here:
OperatorVCS: https://etherscan.io/address/0x584338dabae9e5429c334fc1ad41c46ac007bc29#code
OperatorVault: https://etherscan.io/address/0x73cf930cf4f86117c308907ce18f8e8f16710387#code
This will block the upgrade of the contracts because the reinitializer modifier will revert the transaction.
High, because the OperatorVCS and OperatorVault contracts cannot be upgraded.
Manual Code Review
Change the version number passed to the reinitializer modifier in the initialize functions of the OperatorVCS and OperatorVault contracts. The correct version should be number 4.
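The failure and the fix described above, as an added Solidity example that is neither the audited code nor the OpenZeppelin source. InitGuard is a simplified stand-in for the modifier's check, and LiveImpl, UpgradeReusing3, UpgradeUsing4 and ProxyHarness are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified stand-in for the reinitializer guard (assumption: same check as
// described in the finding, not a copy of the library code).
abstract contract InitGuard {
    uint8 internal _initialized;
    bool internal _initializing;

    modifier reinitializer(uint8 version) {
        require(!_initializing && _initialized < version, "already initialized");
        _initialized = version;
        _initializing = true;
        _;
        _initializing = false;
    }
}

// Hypothetical implementations; only the version passed to the guard differs.
contract LiveImpl is InitGuard {          // stands for the code already on-chain
    function initialize() external reinitializer(3) {}
}
contract UpgradeReusing3 is InitGuard {   // stands for the audited code
    function initialize() external reinitializer(3) {}
}
contract UpgradeUsing4 is InitGuard {     // recommended fix
    function initialize() external reinitializer(4) {}
}

// Proxy stand-in: delegatecall keeps _initialized in this contract's storage,
// so the value written by one implementation is seen by the next one.
contract ProxyHarness is InitGuard {
    function initVia(address impl) public returns (bool ok) {
        (ok, ) = impl.delegatecall(abi.encodeWithSignature("initialize()"));
    }

    // Each require encodes the outcome the finding describes.
    function demo() external {
        require(initVia(address(new LiveImpl())), "live init must pass");
        require(!initVia(address(new UpgradeReusing3())), "reused 3 must revert");
        require(initVia(address(new UpgradeUsing4())), "version 4 must pass");
        require(_initialized == 4, "stored version must be 4");
    }
}
```

Calling demo() on a freshly deployed ProxyHarness completes only if the reused version is rejected and version 4 is accepted.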