When the pool's DAO moderator is unavailable, anyone may call claimExpired after expiry + MODERATOR_CORRUPTED_GRACE; if the registry reads CORRUPTED, the pool mechanically resolves bad-faith CORRUPTED and claimCorrupted sweeps the entire pool (staker principal + bonus) to recoveryAddress. The pool treats a CORRUPTED registry state as proof of a real breach.
The registry's CORRUPTED flag is set by markCorrupted, gated by onlyAttackModerator, and attackModerator defaults to the agreement owner — the same entity that is the pool sponsor and controls recoveryAddress. markCorrupted requires no proof of an attack and returns the bond rather than slashing it, so a sponsor can self-certify CORRUPTED for free and drain the pool to themselves.
Likelihood:
The registry assigns attackModerator = agreementOwner at registration, and that owner is the pool sponsor who also controls recoveryAddress — one entity holds every role needed.
The pool's DAO outcomeModerator stays inactive through the full pool term plus the 180-day grace (the exact scenario the permissionless backstop exists for).
Impact:
A malicious sponsor sweeps 100% of staker principal and bonus to their own recoveryAddress with no real breach.
The protocol's core guarantee — that only a genuine, DAO-attested breach moves staker funds to recovery — is broken.
Mechanism verified against the real dependency (AttackRegistry.markCorrupted is onlyAttackModerator;
_registerAgreement sets attackModerator = agreementOwner; markCorrupted calls _markBondClaimable).
The pool-side mechanical sweep is exercised in
test/fuzz/ConfidencePool.mitigationBreak.t.sol:
Refuse the permissionless auto-CORRUPTED path when the registry's attack moderator is the agreement owner
(i.e. not an independent party):
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.