New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
It might be impossible to slash a minipool #183
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-494
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
labels
Dec 28, 2022
C4-Staff
added a commit
that referenced
this issue
Jan 6, 2023
GalloDaSballo marked the issue as duplicate of #136 |
GalloDaSballo marked the issue as not a duplicate |
GalloDaSballo changed the severity to 3 (High Risk) |
c4-judge
added
3 (High Risk)
Assets can be stolen/lost/compromised directly
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
and removed
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
labels
Feb 3, 2023
GalloDaSballo marked the issue as duplicate of #494 |
c4-judge
added
duplicate-494
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
downgraded by judge
Judge downgraded the risk level of this issue
and removed
3 (High Risk)
Assets can be stolen/lost/compromised directly
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
labels
Feb 3, 2023
GalloDaSballo changed the severity to 2 (Med Risk) |
GalloDaSballo marked the issue as satisfactory |
c4-judge
added
the
satisfactory
satisfies C4 submission criteria; eligible for awards
label
Feb 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-494
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/Staking.sol#L381
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L675-L676
Vulnerability details
Impact
The slashing functionality is mostly implemented in the private
slash
function of theMinipoolManager
contract. The amount to be slashed is calculated calling thecalculateGGPSlashAmt
function. The amount returned by this function is finally taken from the amount of GGP staked by the node within theslashGGP
function of theStaking
contract.However, the code never checks whether the node has sufficient GGP staked to cover the slashed amount. It simply attempts to slash the full amount calculated by
calculateGGPSlashAmt
. If there's not enough GGP at stake available to cover the full amount, the call to thedecreaseGGPStake
function will revert with an arithmetic error, and the whole slashing operation will be reverted.Because the value returned by
calculateGGPSlashAmt
depends on the price of GGP in AVAX, when the price of GGP drops, more GGP will be needed to cover the entire slashing. Therefore, any drop in the price of GGP in AVAX might trigger this scenario. It will also necessarily depend on the amount of GGP staked by a node operator.Proof of Concept
Paste the following Foundry test in the
MinipoolManager.t.sol
file:Tools Used
Manual review + Foundry
Recommended Mitigation Steps
The case where there's not enough GGP at stake to cover the full slashing amount must be explicitly handled. There's currently no documentation, tests nor a specification that states what is the expected behavior of the system in this scenario. One possible mitigation might be to slash the available amount of GGP stake when the full amount cannot be covered. The staker would still owe GGP to the protocol, but it could be a better scenario than not slashing at all.
The text was updated successfully, but these errors were encountered: