Platform: Code4rena
Start Date: 11/11/2022
Pot Size: $90,500 USDC
Total HM: 52
Participants: 92
Period: 7 days
Judge: LSDan
Total Solo HM: 20
Id: 182
League: ETH
Rank: 36/92
Findings: 1
Award: $303.79
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Lambda
Also found by: bearonbike
303.7898 USDC - $303.79
Accroding to the code annotation in LiquidStakingManager.registerBLSPublicKeys(), BLS public key registerd as validator should be part of LSD network and not banned, But the code does not check the BLS public key is banned or not.This will allow banned BLS public key registered as validator.
https://github.com/code-423n4/2022-11-stakehouse/blob/main/contracts/liquid-staking/LiquidStakingManager.sol#L468-L469
// check if the BLS public key is part of LSD network and is not banned require(isBLSPublicKeyPartOfLSDNetwork(_blsPublicKey) == false, "BLS public key is banned or not a part of LSD network");
Vscode
Modify require condition like this:
// check if the BLS public key is part of LSD network and is not banned require(isBLSPublicKeyPartOfLSDNetwork(_blsPublicKey) == false && bannedBLSPublicKeys[_blsPublicKey] == address(0), "BLS public key is banned or not a part of LSD network");
#0 - c4-judge
2022-11-21T13:59:14Z
dmvt marked the issue as duplicate of #144
#1 - c4-judge
2022-11-30T14:06:14Z
dmvt marked the issue as satisfactory