Verifying the staking instance can be bypassed #11
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
invalid: This doesn't seem right
🤖_primary: AI based primary recommendation
withdrawn by warden: Special case: warden has withdrawn this submission and it can be ignored
Lines of code
https://github.com/code-423n4/2024-05-olas/blob/3ce502ec8b475885b90668e617f3983cea3ae29f/registries/contracts/staking/StakingVerifier.sol#L206-L221
Vulnerability details
Impact
Detailed description of the impact of this finding.
Proof of Concept
Comment out the stakingToken function in MockStaking and add the following test to ServiceStakingFactory.js
Run with:
npx hardhat test --grep "Test verification on no staking token function"
Tools Used
Manual Review, JS
Recommended Mitigation Steps
In StakingVerifier::verifyInstance return false if the staticcall fails
Assessed type
Invalid Validation