FoundrySolidityLayer 2
7.25 ETH
Submission Details
Impact: medium
Likelihood: low

Accounted bonus can permanently escape to `recoveryAddress` via permissionless `sweepUnclaimedBonus`, defeating the moderator's pre-claim outcome correction

Author Revealed upon completion

Root + Impact

Description

The moderator may correct a posted outcome (fix a typo'd outcome or attacker) right up until the first claim/sweep flips the one-way claimsStarted finality latch; the design intent is that no accounted value moves before the distribution is final. Separately, when a pool resolves SURVIVED/EXPIRED with no observed risk window (riskWindowStart == 0), the bonus is owed to nobody and the whole accounted snapshotTotalBonus is correctly sweepable to recoveryAddress.

The problem is that sweepUnclaimedBonus() is permissionless and, by deliberate design, does not set claimsStarted. So while riskWindowStart == 0, the reservation skips the bonus and the entire accounted bonus (not merely donation dust) can be swept to recoveryAddress without closing the re-flag window. Any bot can front-run a moderator's pending correction to good-faith CORRUPTED: the bonus leaves, claimsStarted stays false, the correction still succeeds, but the new snapshot sees a reduced totalBonus, so the named attacker's bountyEntitlement and the physically available funds are short by the full bonus.

// src/ConfidencePool.sol sweepUnclaimedBonus()
uint256 reserved;
if (totalEligibleStake != 0) {
reserved = totalEligibleStake;
@> if (riskWindowStart != 0) { // riskWindowStart == 0 => accounted bonus NOT reserved
reserved += snapshotTotalBonus - claimedBonus;
}
}
uint256 freeBalance = stakeToken.balanceOf(address(this));
uint256 amount = freeBalance > reserved ? freeBalance - reserved : 0; // == full accounted bonus
if (amount == 0) revert NothingToSweep();
...
@> // Intentionally does NOT set claimsStarted. <-- re-flag window stays open, but value already left
stakeToken.safeTransfer(recoveryAddress, amount);

Risk

Likelihood:

Occurs when the registry passes through active risk with no pool interaction (riskWindowStart == 0) and reaches CORRUPTED, and the moderator first posts SURVIVED (a legitimate "breach was out of this pool's scope" judgement, or a judgement it later reverses).

Occurs whenever such a SURVIVED outcome sits on-chain before the moderator's good-faith CORRUPTED correction confirms — the intervening block is an open, permissionless front-running window for any bot.

Impact:

The named good-faith attacker (whitehat) permanently loses the entire bonus pot: it lands at recoveryAddress (the sponsor) and cannot be pulled back, since recoveryAddress is sponsor-controlled and the funds have physically left the pool.

The moderator's documented pre-claim correction guarantee is silently voided by an unprivileged caller; the same drains the whole pot in a bonus-only pool (totalEligibleStake == 0).

Proof of Concept

// SPDX-License-Identifier: MIT
pragma solidity 0.8.26;
import {BaseConfidencePoolTest} from "test/helpers/BaseConfidencePoolTest.sol";
import {IAttackRegistry} from "@battlechain/interface/IAttackRegistry.sol";
import {PoolStates} from "src/libraries/PoolStates.sol";
contract M01Validate is BaseConfidencePoolTest {
address internal bot = makeAddr("bot");
function test_bonusEscapesBeforeGoodFaithCorrection() external {
_stake(alice, 100 ether);
_contributeBonus(carol, 50 ether);
// Active risk passes with NO pool interaction -> riskWindowStart stays 0; registry -> CORRUPTED.
attackRegistry.setAgreementState(IAttackRegistry.ContractState.CORRUPTED);
// Moderator posts SURVIVED (allowed from a CORRUPTED registry state).
vm.prank(moderator);
pool.flagOutcome(PoolStates.Outcome.SURVIVED, false, address(0));
assertEq(pool.riskWindowStart(), 0);
assertEq(pool.snapshotTotalBonus(), 50 ether);
// PERMISSIONLESS front-run by an unrelated bot.
uint256 recoveryBefore = token.balanceOf(recovery);
vm.prank(bot);
pool.sweepUnclaimedBonus();
assertEq(token.balanceOf(recovery) - recoveryBefore, 50 ether); // bonus gone
assertFalse(pool.claimsStarted()); // re-flag still "open"
// Moderator corrects to good-faith CORRUPTED — succeeds, but on a drained snapshot.
vm.prank(moderator);
pool.flagOutcome(PoolStates.Outcome.CORRUPTED, true, attacker);
assertEq(pool.snapshotTotalBonus(), 0);
assertEq(pool.bountyEntitlement(), 100 ether); // 100, not 150
// Attacker can only collect the 100 principal; 50 bonus is permanently at recovery.
uint256 attackerBefore = token.balanceOf(attacker);
vm.prank(attacker);
pool.claimAttackerBounty();
assertEq(token.balanceOf(attacker) - attackerBefore, 100 ether);
}
// Counterfactual: without the sweep the attacker would have received the full 150.
function test_counterfactual_noSweep() external {
_stake(alice, 100 ether);
_contributeBonus(carol, 50 ether);
attackRegistry.setAgreementState(IAttackRegistry.ContractState.CORRUPTED);
vm.prank(moderator);
pool.flagOutcome(PoolStates.Outcome.SURVIVED, false, address(0));
vm.prank(moderator);
pool.flagOutcome(PoolStates.Outcome.CORRUPTED, true, attacker);
assertEq(pool.bountyEntitlement(), 150 ether);
uint256 b = token.balanceOf(attacker);
vm.prank(attacker);
pool.claimAttackerBounty();
assertEq(token.balanceOf(attacker) - b, 150 ether);
}
}
// Result:
// [PASS] test_bonusEscapesBeforeGoodFaithCorrection() attacker got 100, 50 stranded at recovery
// [PASS] test_counterfactual_noSweep() attacker got 150

Recommended Mitigation

Reserve accounted bonus whenever a staker is owed it OR the outcome can still be corrected (re-flag window open), so only genuine donations/dust remain sweepable before finality. This also protects the bonus-only pool by not gating the reservation on totalEligibleStake != 0.

- uint256 reserved;
- if (totalEligibleStake != 0) {
- reserved = totalEligibleStake;
- if (riskWindowStart != 0) {
- reserved += snapshotTotalBonus - claimedBonus;
- }
- }
+ uint256 reserved = totalEligibleStake;
+ // Reserve accounted bonus when a staker is owed it (riskWindowStart != 0) OR the outcome
+ // can still be corrected to good-faith CORRUPTED (claimsStarted == false). Only genuine
+ // donations/dust are sweepable while the distribution is not yet final; otherwise the
+ // accounted bonus could escape to recovery and defeat a pending moderator correction.
+ if (riskWindowStart != 0 || !claimsStarted) {
+ reserved += snapshotTotalBonus - claimedBonus;
+ }

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!