contracts icon indicating copy to clipboard operation
contracts copied to clipboard
verified publisher icon maticnetwork

validatorState.stakerCount may far exceed validatorThreshold

Open VictorECDSA opened this issue 3 years ago • 0 comments 

    function slash(bytes calldata _slashingInfoList) external returns (uint256) {

// ......

        for (; i < slashingInfoList.length; i++) {

// ......

                jailedAmount = jailedAmount.add(_jail(validatorId, 1));
                valJailed++;

        }

        updateTimeline(-int256(totalAmount.add(jailedAmount)), -valJailed, 0);

// ......

The 'updateTimeline' here will subtract validatorState.stakerCount right now.

Assume that a very large number of validators have been jailed to the 'locked' state, and then currentValidatorSetSize() < validatorThreshold is true.

So Other users can still 'stakeFor' and result in currentValidatorSetSize() == validatorThreshold.

    function stakeFor(
        address user,
        uint256 amount,
        uint256 heimdallFee,
        bool acceptDelegation,
        bytes memory signerPubkey
    ) public onlyWhenUnlocked {
    
        require(currentValidatorSetSize() < validatorThreshold, "no more slots");
        
// ......

    }

Once the large number of validators who were jailed apply to 'unjail', validatorState.stakerCount may far exceed validatorThreshold.

    function unjail(uint256 validatorId) public onlyStaker(validatorId) {
 
// ......

        updateTimeline(int256(amount.add(validators[validatorId].delegatedAmount)), 1, 0);
      
// ......

    }

I wonder if this problem will actually occur, and whether it conforms to the expected design?

VictorECDSA avatar Aug 04 '22 06:08 VictorECDSA