Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Session Token>Threat Model>Function: addBLSPublicKey()
GeneralOverview
Findings
High (2)
Medium (1)
Low (1)
Informational (1)
DiscussionUnused and sometimes misleading functionsGas savingsMisleading functions' nameData desynchronizationRedundant checks
Threat ModelWhat are threat models?BN256G1.solBN256G2.solPairing.solRewardRatePool.solServiceNodeContribution.solServiceNodeContributionFactory.sol
ServiceNodeRewards.solFunction: addBLSPublicKey()Function: initiateRemoveBLSPublicKey()Function: liquidateBLSPublicKeyWithSignature()Function: removeBLSPublicKeyAfterWaitTime()Function: removeBLSPublicKeyWithSignature()Function: updateRewardsBalance()
TokenConverter.solTokenVestingStaking.sol
Audit ResultsAssessment Results

Function: addBLSPublicKey()

The function adds a BLS public key to the list of service nodes, requiring a proof-of-possession signature, and optionally includes multiple contributors.

Inputs

  • blsPubKey

    • Validation: Must match with blsSignature and must not be an already used blsPubKey.

    • Impact: A 64-byte BLS public key to identify the service node.

  • blsSignature

    • Validation: Must match with blsPubKey.

    • Impact: A 128-byte BLS proof-of-possession signature that proves ownership of the blsPubkey.

  • serviceNodeParams

    • Validation: N/A.

    • Impact: Includes the x25519 public key and signature to be added to the service node, as well as the fee charged by the operator.

  • contributors

    • Validation: The number of contributors must be less than _maxContributors, and the first element of contributors must be the operator of the service node.

    • Impact: Represents a list of contributors for service nodes with multiple contributors.

Branches and code coverage (including function calls)

Intended branches

Negative behavior

Function call analysis

  • validateProofOfPossession(blsPubKey, blsSignature, caller, serviceNodeParams.serviceNodePubkey)

    • External/Internal? Internal.

    • Argument control: blsPubKey, blsSignature, caller, and serviceNodeParams.serviceNodePubkey.

    • Impact: Validate the BLS signature of the proof of possession to ensure the private key is known.

  • updateBLSNonSignerThreshold()

    • External/Internal? Internal.

    • Argument control: N/A.

    • Impact: The function updates the internal threshold for the maximum number of non-signers allowed in an aggregate BLS signature before it can be validated.

  • SafeERC20.safeTransferFrom(designatedToken, caller, address(this), _stakingRequirement)

    • External/Internal? External.

    • Argument control: caller.

    • Impact: Collects the designatedToken from the caller in the amount of the predefined _stakingRequirement.

Zellic © 2025Back to top ↑