Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Omni Network>Informational findings>Possible race condition in valsync init
GeneralOverview
Findings
High (1)
Informational (1)Possible race condition in valsync init
DiscussionThe block.prevdao is completely biasable by the proposerPortal calls cannot be refunded if they failValidators cannot unstake
Audit ResultsAssessment Results
Category: Business Logic

Possible race condition in valsync init

Informational Severity
Informational Impact
N/A Likelihood

Description

If a subscriber is initialized as a valid validator, and if a previous round where the validator was not a validator is attested to, that validator will mistakenly think it's not a validator.

func (k *Keeper) EndBlock(ctx context.Context) ([]abci.ValidatorUpdate, error) {
	...
	// The subscriber is only added after `InitGenesis`, so ensure we notify it of the latest valset.
	if err := k.maybeInitSubscriber(ctx); err != nil {
		return nil, err
	}

	// Check if any unattested set has been attested to (and return its updates).
	return k.processAttested(ctx)
    ...
}

Impact

If such a situation occurs, a participant in the network which is a validator might mistakenly think it is not a validator and not vote. In the future, this might result in penalties or slashing.

Recommendations

Refactor the code to avoid such potential issues.

Remediation

This was remediated in commit 43f0a05cd336988f774be92b09b8469c66dd5610 by changing the validator subscriber update system to send full validator sets instead of validator set updates (deltas), and ensuring that the validator set update is newer than the old one.

Zellic © 2025Back to top ↑