Description

The provide_sequencer_stake function of the sequencer staking pallet allows to register a new sequencer and optionally provide the address of an alias account to be associated to the sequencer.

The function inserts the provided alias account into the AliasAccountInUse storage map to mark it as used. However, it does not remove any alias account that could be already be associated with the sequencer.

The same issue appears in the set_updater_account_for_sequencer function, which can replace the alias account associated with a sequencer without removing the entry from AliasAccountInUse.

Impact

Alias accounts could incorrectly remain registered in the AliasAccountInUse map, preventing them from being reregistered.

This issue could be abused to mark any address as an in-use alias account account. This may lead to a denial-of-service attack, since alias addresses are prevented from registering as sequencers.

Recommendations

Ensure stale entries in AliasAccountsInUse are removed by provide_sequencer_stake and set_updater_account_for_sequencer.

Remediation

This issue has been acknowledged by Gasp, and a fix was implemented in commit 35f7d3e1↗.