Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Incorrect Initialization of `OperatorVault` Contract Causes Chainlink Integration Failure

Summary

The `OperatorVault::initialize` function incorrectly handles the initialization process, particularly when the `vaultController` is already set. In this scenario, the protocol assumes that `stakeController` has also been initialized, and attempts to call the `stakeController.migrate()` function. However, since `stakeController` was never set, this results in an integration failure with the Chainlink protocol, which is critical for Stake Link's functionality.

Vulnerability Details

The `OperatorVault::initialize` function takes two initialization paths based on whether `vaultController` is set. The relevant code is as follows:

```solidity
function initialize(
    address _token,
    address _vaultController,
    address _stakeController,
    address _rewardsController,
    address _pfAlertsController,
    address _operator,
    address _rewardsReceiver
) public reinitializer(3) {
    if (vaultController == address(0)) {
        __Vault_init(_token, _vaultController, _stakeController, _rewardsController);
    } else {
        // @audit-issue stakeController isn't set
@>      stakeController.migrate("");
        stakeController = IStaking(_stakeController);
        rewardsController = IStakingRewards(_rewardsController);
        trackedTotalDeposits = SafeCast.toUint128(getTotalDeposits());
    }
    pfAlertsController = IPFAlertsController(_pfAlertsController);
    rewardsReceiver = _rewardsReceiver;
    if (operator == address(0) && _operator != address(0)) {
        setOperator(_operator);
    }
}
```

When `vaultController != address(0)`, the else block is executed, which assumes that `stakeController` has already been set. The protocol attempts to call the `stakeController.migrate()` function, but this results in an error because `stakeController` was never initialized. The function does not provide any mechanism for setting the `stakeController` after deployment, leading to an incorrect integration with the Chainlink staking contract.

Since `stakeController` is supposed to represent the address of the Chainlink staking contract, its absence means that the protocol cannot communicate with Chainlink, a critical component for the Stake Link protocol’s operation.

Impact

The failure to properly initialize `stakeController` prevents the protocol from interacting with Chainlink’s staking contract. This breaks core functionality, as the protocol is unable to perform staking-related actions, severely impacting the operations of Stake Link. Without integration with Chainlink, the protocol cannot function as intended.

Tools Used

Manual

Recommendations

Ensure that `stakeController` is properly initialized in all cases, regardless of whether `vaultController` is set.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
