Description

The removeValidatorRewardList function is designed to remove a validator from the validatorAddresses array. However, the current implementation has a flaw. If the validator to be removed is not the last one in the array, the function incorrectly removes the last validator instead of the intended one.

function removeValidatorRewardList(address _validator, address[] storage validatorAddresses) internal {
    uint256 index = validatorAddresses.length + 1;
    for (uint256 i = 0; i < validatorAddresses.length; i++) {
        if (validatorAddresses[i] == _validator) {
            index = i;
            break;
        }
    }
    require(index < validatorAddresses.length, "Address not found");
    validatorAddresses[index] = validatorAddresses[validatorAddresses.length - 1];
    validatorAddresses.pop();
}

Impact

This issue can lead to unintended consequences, including the accidental removal of incorrect validators.

Recommendations

We recommend rewriting the removal logic to ensure that the correct validator is removed. The logic should identify the correct index of the validator to be removed and then proceed to replace it with the last validator before popping the last element.

Remediation

This issue has been acknowledged by Spectral Finance, and a fix was implemented in commit 3f88388f↗.