Skip to content

[Status Network Contracts] Revisit leave mechanism as it allows for free rewards #78

New issue
New issue
Open
#87
Open
[Status Network Contracts] Revisit leave mechanism as it allows for free rewards#78
#87
Assignees
3esmit
Labels
Smart ContractsbugSomething isn't working
@0x-r4bbit

Description

@0x-r4bbit
0x-r4bbit
opened on Dec 2, 2025

Context: https://github.com/Cyfrin/audit-2025-12-statusl2/issues/10

TLDR:

  • Leaving always enables withdrawal of funds unless they are locked
  • Leaving assumes that StakeManager always does proper accounting (either that, or it fails and we don't care)
  • There's a case where it fails and we do care, which is when StakeManager is paused
  • In this case, user stakes, manager pauses, user leaves (manager reverts), user receives funds
  • User can now still redeem funds because manager never updated its state during pause

We need to think about how to fix this.
The problem is the try/catch block, but it's also there for a reason.

Metadata

Metadata

Assignees

Labels

Smart ContractsbugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions