Lack of commission-rate change restrictions in EditFinalityProvider
Description
In the EditFinalityProvider function, a finality provider (FP) can change its commission rate without restrictions. This design contrasts with Cosmos SDK’s EditValidator function, which imposes a maximum adjustment range and a frequency constraint on commission changes. Without such controls, an FP could rapidly increase its commission and force delegators to accept unfavorable rates, especially since unbonding can take a significant amount of time.
Impact
Delegators who have staked with an FP and cannot immediately withdraw will be forced to tolerate sudden, significant commission hikes. This can result in loss of potential rewards or unexpected costs for delegators who are locked into their delegation during the unbonding period.
Recommendations
Implement a maximum allowable commission rate change per update, similar to the Cosmos SDK's max change rate. Additionally, enforce a restriction preventing multiple commission adjustments within the same block or within a short time window.
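One way to express the recommended checks, as an added example that is not Babylon's code or the fix referenced on this page. The Commission type, the field and error names, the basis-point representation and the 24-hour window are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Commission is a hypothetical record; rates are basis points (100 = 1%).
type Commission struct {
	RateBps, MaxRateBps, MaxChangeBps uint32
	UpdatedAt                         time.Time
}

// MinUpdateInterval is an assumed window; the page does not specify one.
const MinUpdateInterval = 24 * time.Hour

var (
	ErrTooSoon    = errors.New("commission changed too recently")
	ErrAboveMax   = errors.New("commission above max rate")
	ErrStepTooBig = errors.New("commission increase above max change rate")
)

// ValidateNewRate rejects an edit that is too frequent or too large.
func ValidateNewRate(c Commission, newBps uint32, blockTime time.Time) error {
	switch {
	case blockTime.Sub(c.UpdatedAt) < MinUpdateInterval:
		return ErrTooSoon // also covers a second edit in the same block
	case newBps > c.MaxRateBps:
		return ErrAboveMax
	case newBps > c.RateBps && newBps-c.RateBps > c.MaxChangeBps:
		return ErrStepTooBig // decreases are left unbounded in this sketch
	}
	return nil
}

// EditCommission applies the edit only if validation passes.
func EditCommission(c *Commission, newBps uint32, blockTime time.Time) error {
	if err := ValidateNewRate(*c, newBps, blockTime); err != nil {
		return err
	}
	c.RateBps, c.UpdatedAt = newBps, blockTime
	return nil
}

func main() {
	t0 := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	c := Commission{RateBps: 500, MaxRateBps: 2000, MaxChangeBps: 100, UpdatedAt: t0}
	fmt.Println(EditCommission(&c, 2000, t0.Add(48*time.Hour))) // step too large
	fmt.Println(EditCommission(&c, 600, t0.Add(48*time.Hour)))  // accepted
	fmt.Println(EditCommission(&c, 700, t0.Add(48*time.Hour)))  // same block: too soon
}
```

Using the block time rather than wall-clock time keeps the check deterministic across nodes, and recording UpdatedAt on every accepted edit is what makes the same-block case fail.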
Remediation
This issue has been acknowledged by Babylon Labs, and a fix was implemented in commit 7463c198.
This was remediated by adjusting the logic to add several parameters, among them the minCommissionRate and a max commission rate change.