Inability to Decrease `vaultMaxDeposits` in `updateVaultGroupAccounting` Function
Github
Description
The updateVaultGroupAccounting function in the OperatorVCS contract contains a logic flaw that prevents reducing the value of vaultMaxDeposits. The current implementation only allows increases in the deposit limit, which could result in incorrect deposit accounting and inflexibility in updating vault configurations. This conditional logic only updates vaultMaxDeposits if the new value is greater than the current value. If there is a need to reduce the deposit limit, this logic prevents the update, leaving vaultMaxDeposits higher than intended.
Impact
If the staking pool reduces the deposit limit for operational reasons (e.g., slashing, reduced pool capacity), the vault strategy cannot apply the new lower limit.
Tools Used
Manual Review
Recommendations
To allow both increases and decreases, remove the conditional check:
This change ensures the contract always reflects the latest intended deposit limit, whether it is increased or decreased.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.