Incorrect tracking of in-use status for alias accounts
Description
The provide_sequencer_stake
function of the sequencer staking pallet allows to register a new sequencer and optionally provide the address of an alias account to be associated to the sequencer.
The function inserts the provided alias account into the AliasAccountInUse
storage map to mark it as used. However, it does not remove any alias account that could be already be associated with the sequencer.
The same issue appears in the set_updater_account_for_sequencer
function, which can replace the alias account associated with a sequencer without removing the entry from AliasAccountInUse
.
Impact
Alias accounts could incorrectly remain registered in the AliasAccountInUse
map, preventing them from being reregistered.
This issue could be abused to mark any address as an in-use alias account account. This may lead to a denial-of-service attack, since alias addresses are prevented from registering as sequencers.
Recommendations
Ensure stale entries in AliasAccountsInUse
are removed by provide_sequencer_stake
and set_updater_account_for_sequencer
.
Remediation
This issue has been acknowledged by Gasp, and a fix was implemented in commit 35f7d3e1↗.