The state of MinipoolStatus.Error should only be transitioned to from MinipoolStatus.Launched #829
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-471
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sponsor duplicate
Sponsor deemed duplicate
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L480
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L152
Vulnerability details
Impact
If the system is allowed to transition into MinipoolStatus.Error state, after recordStakingStart() has been called, whatever staking reward that might have been accumulated will not be recoverable to the skater.
Proof of Concept
The comment for recordStakingError() says:
A staking error occured while registering the node as a validator
However, requireValidStateTransition() also allows the transition to MinipoolStatus.Error from MinipoolStatus.Staking after recordStakingStart() is called.
Once in Error state, the only next transitionable states are Finished or Prelaunch. In both cases, there are no ways for the recovery of any potential staking reward that might have been accumulated during the duration.
Tools Used
manual
Recommended Mitigation Steps
Disable the transition from MinipoolStatus.Staking to MinipoolStatus.Error.
The text was updated successfully, but these errors were encountered: