Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Incorrect `isRemoved` in Vault Implementation Leads to Inconsistent Operator Status Checks

Summary

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/linkStaking/base/Vault.sol#L129
The isRemoved() function is incorrectly implemented, returning false by default instead of querying the actual status of the vault's operator from the Chainlink staking contract. Additionally, CommunityVCS does not override this function, leading to potentially incorrect behavior when determining whether a vault's operator has been removed from staking.

Vulnerability Details

The isRemoved() function is designed to check whether the operator for a vault has been removed from the Chainlink staking contract. However, the current implementation is a placeholder that always returns false:

```solidity
function isRemoved() public view virtual returns (bool) {
    // @audit-issue: should return stakeController.isRemoved(address(this));
    return false;
}
```

This implementation never checks the actual operator status: instead of calling `stakeController.isRemoved()`, it always returns false, leading to inaccurate operator status checks.

Impact

If the operator has actually been removed from staking but the contract still returns false, funds might be managed improperly, such as keeping deposits in vaults that are no longer valid or making incorrect decisions based on an invalid operator status.

Tools Used

Manual code review

Recommendations

```solidity
function isRemoved() public view virtual returns (bool) {
    return stakeController.isRemoved(address(this));
}
```

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
