The function `Vault::isRemoved` returns always `false`
Summary
The function Vault::isRemoved returns whether the operator for a given vault has been removed from the Chainlink staking contract. The function should return true if operator has been removed and false otherwise. But the function returns always false.
Vulnerability Details
The function Vault::isRemoved should return true if operator has been removed and false otherwise. But the function doesn't actually check if the operator is removed and returns always false:
This function is overwritten in the OperatorVault contract and there is a correct check if the operator is removed.
But in the OperatorVCS::getMaxDeposits, OperatorVCS::queueVaultRemoval, VaultControllerStrategy::withdraw and VaultControllerStrategy::_depositToVaults is used Vault::isRemoved function and this function will always return false.
Impact
The result from calling Vault::isRemoved will be incorrect in functions OperatorVCS::getMaxDeposits, OperatorVCS::queueVaultRemoval,VaultControllerStrategy::withdraw and VaultControllerStrategy::_depositToVaults.
Tools Used
Manual Review
Recommendations
Change the implementation of Vault::isRemoved function to check if the operator is removed or not.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.