The funds will be locked in the **vault** #420
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-723
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor duplicate
Sponsor deemed duplicate
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L528-L533
Vulnerability details
Impact
the fund of the
nodeOP
will be locked on the vaultProof of Concept
Case 01:
After the Multisig has invoked
recordStakingEnd()
and before the node op invokewithdrawMinipoolFunds()
the Multisig can invokefinishFailedMinipoolByMultisig()
the fund will be locked on the vaultPlease copy the following POC on MinipoolManager.t.sol
case 02:
After the Multisig has invoke
recordStakingError()
he can imeditly callfinishFailedMinipoolByMultisig()
and the fund will be locked on the vaultPlease copy the following POC on MinipoolManager.t.sol
Recommended Mitigation Steps
Make sure that the nodeOP can withdraw his funds in case the status is Finished
The text was updated successfully, but these errors were encountered: