Platform: Code4rena
Start Date: 18/10/2022
Pot Size: $75,000 USDC
Total HM: 27
Participants: 144
Period: 7 days
Judge: gzeon
Total Solo HM: 13
Id: 170
League: ETH
Rank: 38/144
Findings: 2
Award: $105.46
🌟 Selected for report: 0
🚀 Solo Findings: 0
Based on the documentation provided, an operator is slashed if they fail to complete a job, like this:
| Number of Slashes | Percentage of Bond |
|---|---|
| 1 | 4% |
| 2 | 16% |
| 3 | 36% |
| 4 | 64% |
| 5 | 100% |
Looking at the code where slashing happens, the amount is linearly decreasing with a fixed amount (the pod base fee) that is only defined by the chosen pod number:
```solidity
uint256 amount = _getBaseBondAmount(pod);
/**
 * @dev select operator that failed to do the job, is slashed the pod base fee
 */
_bondedAmounts[job.operator] -= amount;
```
The pod base fee calculation will not change during the operator slashing:
```solidity
/**
 * @dev Internal function used for calculating the base bonding amount for a pod
 */
function _getBaseBondAmount(uint256 pod) private view returns (uint256) {
    return (_podMultiplier**pod) * _baseBondAmount;
}
```
If the chosen operator has bonded with just the base bond amount, it will be removed from the pod on the first failure, which is not as described (on the fifth failure).
Operator can be removed from the pod prior to five slashes
Manual review
Introduce a slash count mapping per operator. When the job fails, increment that and do the math accordingly.
#0 - gzeoneth
2022-10-30T16:27:01Z
Duplicate of #307
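One way to implement the recommended per-operator slash counter, as an added example that is not the audited project's code or the warden's. It assumes the documented table gives the cumulative share of the operator's original bond lost after n slashes (4 * n^2 percent); `SlashScheduleExample`, `_originalBond`, `_slashCount`, `cumulativeSlash` and `_slash` are hypothetical names, and only `_bondedAmounts` mirrors the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added example: hypothetical contract, not the audited project's code.
/// Assumption: the documented table is the cumulative share of the operator's
/// original bond lost after n slashes, i.e. 4 * n^2 percent (4, 16, 36, 64, 100).
contract SlashScheduleExample {
    uint256 private constant MAX_SLASHES = 5;

    mapping(address => uint256) private _originalBond;  // bond recorded when bonding
    mapping(address => uint256) private _bondedAmounts; // bond still at stake
    mapping(address => uint256) private _slashCount;    // failed jobs per operator

    event Slashed(address indexed operator, uint256 count, uint256 amount);

    function bond() external payable {
        require(msg.value > 0, "no bond");
        require(_originalBond[msg.sender] == 0, "already bonded");
        _originalBond[msg.sender] = msg.value;
        _bondedAmounts[msg.sender] = msg.value;
    }

    function bondedAmount(address operator) external view returns (uint256) {
        return _bondedAmounts[operator];
    }

    /// Total taken from `original` after `count` slashes, per the documented table.
    function cumulativeSlash(uint256 original, uint256 count) public pure returns (uint256) {
        if (count >= MAX_SLASHES) return original; // fifth slash takes whatever is left
        return (original * 4 * count * count) / 100;
    }

    /// Call from the job-failure path. Returns the slashed amount; what is done
    /// with it, and removing the operator once the bond is zero, is left to the caller.
    function _slash(address operator) internal returns (uint256 amount) {
        uint256 original = _originalBond[operator];
        uint256 count = _slashCount[operator];
        require(original > 0, "not bonded");
        require(count < MAX_SLASHES, "fully slashed");

        // Slash only the step between two rows of the table, so rounding in
        // earlier steps never leaves dust or underflows on the last one.
        amount = cumulativeSlash(original, count + 1) - cumulativeSlash(original, count);
        _slashCount[operator] = count + 1;
        _bondedAmounts[operator] -= amount;
        emit Slashed(operator, count + 1, amount);
    }
}
```

With this schedule an operator bonded at exactly the base amount keeps 96% of the bond after the first failure, and the bond reaches zero only on the fifth.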
🌟 Selected for report: Rolezn
Also found by: 0x1f8b, 0x52, 0x5rings, 0xNazgul, 0xSmartContract, 0xZaharina, 0xhunter, 0xzh, 8olidity, Amithuddar, Aymen0909, B2, Bnke0x0, Chom, Deivitto, Diana, Diraco, Dravee, Franfran, JC, Jeiwan, Josiah, JrNet, Jujic, KingNFT, KoKo, Lambda, Margaret, Migue, Ocean_Sky, PaludoX0, Picodes, Rahoz, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Shinchan, Tagir2003, Trust, Waze, Yiko, __141345__, a12jmx, adriro, ajtra, arcoun, aysha, ballx, bin2chen, bobirichman, brgltd, bulej93, catchup, catwhiskeys, caventa, cccz, cdahlheimer, ch0bu, chaduke, chrisdior4, cloudjunky, cryptostellar5, cryptphi, csanuragjain, cylzxje, d3e4, delfin454000, djxploit, durianSausage, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, hansfriese, i_got_hacked, ignacio, imare, karanctf, kv, leosathya, louhk, lukris02, lyncurion, m_Rassska, malinariy, martin, mcwildy, mics, minhtrng, nicobevi, oyc_109, pashov, peanuts, pedr02b2, peiw, rbserver, ret2basic, rotcivegaf, rvierdiiev, ryshaw, sakman, sakshamguruji, saneryee, securerodd, seyni, sikorico, svskaushik, teawaterwire, tnevler, w0Lfrum
0 USDC - $0.00
`ecrecover()` allows malleable signatures

Best practice is to use OpenZeppelin’s ECDSA contract rather than calling `ecrecover()` directly

`constant`s instead

```solidity
if (timeDifference < 6) {
    uint256 podIndex = uint256(job.fallbackOperators[timeDifference - 1]);
```