The removeVault function in this contract does not update the vaultMapping when removing a vault, which can lead to potential inconsistencies between the vaults array and the vaultMapping. This will result in removed vaults still being considered as members of the strategy.
This issue is present in the removeVault function of the OperatorVCS contract. After removing a vault from the vaults array, the function does not update the vaultMapping to reflect this change.
The vaultMapping is used in other parts of the contract to verify vault membership, such as in the withdrawOperatorRewards function:
This vulnerability could lead to the following issues:
Removed vaults might still be able to call functions restricted to active vaults, such as withdrawOperatorRewards.
Inconsistency between the vaults array and vaultMapping could lead to confusion and potential exploitation.
It may interfere with proper accounting and management of vaults within the strategy.
Manual review
Consider adding a line to set the vault's mapping to false after removing it from the vaults array:
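The recommended fix, shown in a simplified model. This is an added example, not the OperatorVCS source: only `vaults`, `vaultMapping`, `removeVault` and `withdrawOperatorRewards` are names from the finding, while the contract name, `addVault`, `membershipConsistent`, the custom errors and the index-based signature are assumptions, and owner access control and reward logic are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Simplified model written for this example; it only tracks membership.
// Access control on addVault/removeVault is omitted for brevity.
contract VaultRegistryModel {
    address[] public vaults;                      // ordered list of member vaults
    mapping(address => bool) public vaultMapping; // lookup used by membership checks

    error SenderNotAuthorized();
    error VaultNotFound();
    error VaultAlreadyAdded();

    // Hypothetical helper: registers a vault in both structures.
    function addVault(address vault) external {
        if (vaultMapping[vault]) revert VaultAlreadyAdded();
        vaults.push(vault);
        vaultMapping[vault] = true;
    }

    function removeVault(uint256 index) external {
        if (index >= vaults.length) revert VaultNotFound();
        address vault = vaults[index];
        // Shift later entries left to keep ordering, then drop the last slot.
        for (uint256 i = index; i < vaults.length - 1; ++i) {
            vaults[i] = vaults[i + 1];
        }
        vaults.pop();
        // The step the finding reports as missing: without it the removed
        // vault still passes the membership check below.
        vaultMapping[vault] = false;
    }

    // Membership gate of the kind the finding describes; reward logic omitted.
    function withdrawOperatorRewards() external view {
        if (!vaultMapping[msg.sender]) revert SenderNotAuthorized();
    }

    // Invariant for unit or fuzz tests: an address is mapped iff it is in the array.
    function membershipConsistent(address vault) external view returns (bool) {
        bool inArray;
        for (uint256 i = 0; i < vaults.length; ++i) {
            if (vaults[i] == vault) { inArray = true; break; }
        }
        return inArray == vaultMapping[vault];
    }
}
```

Asserting `membershipConsistent` for every address that was ever added, after each add and remove, catches this class of drift between the array and the mapping in a test suite.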