FoundrySolidityLayer 2
7.25 ETH
Submission Details
Impact: medium
Likelihood: low

Withdrawal Permitted During ATTACK_REQUESTED State

Author Revealed upon completion

Description

Stakers are allowed to call withdraw() to exit their entire principal while the registry is in the ATTACK_REQUESTED state:

if (
riskWindowStart != 0
|| (state != IAttackRegistry.ContractState.NOT_DEPLOYED
&& state != IAttackRegistry.ContractState.NEW_DEPLOYMENT
&& state != IAttackRegistry.ContractState.ATTACK_REQUESTED)
) {
revert WithdrawsDisabled();
}

Since ATTACK_REQUESTED is a public state visible on-chain immediately before the registry transitions to UNDER_ATTACK (active attack window), stakers can easily monitor the registry and front-run the transition to withdraw their funds.

Impact:

This undermines the utility of the confidence pool. If stakers can run away as soon as an attack is requested, the pool will hold zero capital by the time the attack actually happens, failing to provide the intended confidence backing for the agreement.

Recommended Mitigation

Disable withdrawals once the registry transitions to ATTACK_REQUESTED to ensure staker capital remains committed once an attack sequence is initiated:

if (
riskWindowStart != 0
|| (state != IAttackRegistry.ContractState.NOT_DEPLOYED
- && state != IAttackRegistry.ContractState.NEW_DEPLOYMENT
- && state != IAttackRegistry.ContractState.ATTACK_REQUESTED)
+ && state != IAttackRegistry.ContractState.NEW_DEPLOYMENT)
) {
revert WithdrawsDisabled();
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!