Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StakeManager owner can disallow Vaults from unstaking arbitraryly #145

Open
3esmit opened this issue Oct 3, 2024 · 0 comments
Open

StakeManager owner can disallow Vaults from unstaking arbitraryly #145

3esmit opened this issue Oct 3, 2024 · 0 comments
Assignees
@3esmit

Comments

@3esmit
Copy link
Collaborator

3esmit commented Oct 3, 2024

After the implementation of #139 the function that authorized codehashes now become generic, allowing inherited contracts to disallow previously allowed codehashes from interacting with the contract.

This new feature is actually useful in case the StakeManager owner wants to disable a problematic contract from interacting with it. However, if the StakeManager mistakenly (or malicously) disable StakeVaults from interacting with it, the StakeVaults would have their funds locked indefenetly.

Proposed fixes:

  • Override setTrustedCodehash(bytes32 _codehash, bool _trusted) to disallow using _trusted = false
  • Implement logic to allow leave function being called in StakeVault in case StakeManager no longer allows it from interacting.

Both approaches are easy to implement, but I believe that the most correct would be to allow StakeVault owner to call leave in case StakeManager owner disallowed the StakeVault class from interacting.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@3esmit 3esmit

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@3esmit