Staking manager may become locked
Description
The underlying vaults contain functionality that allows Definitive to pause contracts and the vault admin to unpause them. In BaseAccessControl,

    /**
     * @dev Inherited from CoreStopGuardian
     */
    function enableStopGuardian() public override onlyAdmins {
        return _enableStopGuardian();
    }

    /**
     * @dev Inherited from CoreStopGuardian
     */
    function disableStopGuardian() public override onlyClientAdmin {
        return _disableStopGuardian();
    }

The STOP_GUARDIAN_ENABLED flag is checked on critical strategy functions.
Impact
This means that the admin of the underlying strategy has the responsibility to prevent funds from being locked. In some unfavorable events (such as private key loss or compromise), staking manager mechanics may break.
Recommendations
In addition to the recommendations in , we recommend providing users some control over this "unpause" functionality — for example, by creating a smart contract, or modifying the staking manager, to act as the admin and allow users to unpause the contract. In case some pauses are necessary, this might include reasonable timelocks.
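One way to give users a timelocked unpause path, as recommended above. This is an added example, not Rainmaker's or Definitive's code: the contract name, the `delay` parameter and a public `STOP_GUARDIAN_ENABLED()` getter on the vault are assumptions, and the contract is assumed to be the sole holder of the role that passes `onlyClientAdmin`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed vault surface: disableStopGuardian() is shown on the page; the
// public STOP_GUARDIAN_ENABLED() getter is an assumption of this example.
interface IStopGuardedVault {
    function disableStopGuardian() external;
    function STOP_GUARDIAN_ENABLED() external view returns (bool);
}

/// Hypothetical contract meant to hold the vault's client-admin role.
contract TimelockedUnpauser {
    IStopGuardedVault public immutable vault;
    uint256 public immutable delay;   // minimum time a pause stays in force
    uint256 public pauseObservedAt;   // 0 = no pause currently recorded

    event PauseObserved(address indexed by, uint256 unpauseableAt);
    event Unpaused(address indexed by);

    constructor(IStopGuardedVault vault_, uint256 delay_) {
        require(address(vault_) != address(0), "vault is zero");
        require(delay_ > 0, "delay is zero");
        vault = vault_;
        delay = delay_;
    }

    /// Anyone may start the clock, but only while the vault is paused.
    function observePause() external {
        require(vault.STOP_GUARDIAN_ENABLED(), "not paused");
        require(pauseObservedAt == 0, "already observed");
        pauseObservedAt = block.timestamp;
        emit PauseObserved(msg.sender, block.timestamp + delay);
    }

    /// Anyone may lift the pause once the delay has elapsed.
    function unpause() external {
        uint256 observed = pauseObservedAt;
        require(observed != 0, "no pause observed");
        require(block.timestamp >= observed + delay, "timelock active");
        pauseObservedAt = 0; // reset state before the external call
        if (!vault.STOP_GUARDIAN_ENABLED()) return; // nothing left to lift
        vault.disableStopGuardian();
        emit Unpaused(msg.sender);
    }
}
```

Because no private key is needed to call `unpause()`, key loss on the admin side cannot leave the vault paused indefinitely, while the delay preserves a window in which a necessary pause stays in force.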
Remediation
In commit , Rainmaker documented that the admin role will be held by a multisig to mitigate centralization risk.