Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

L-05 Missing Check for Duplicate Addresses in _validatePChainOwner #765

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

L-05 Missing Check for Duplicate Addresses in _validatePChainOwner #765

wants to merge 2 commits into from

Conversation

geoff-vball
Copy link
Contributor

Why this should be merged

The _validatePChainOwner function ensures that PChainOwner meets the validation criteria outlined in the ACP-77 specification. It correctly checks that if the threshold is 0, the address list is empty, and that the threshold does not exceed the number of addresses. It also verifies that addresses are sorted in ascending order. However, it does not explicitly check for duplicate addresses, which is required by the ACP-77 specification.

If duplicate addresses are allowed, it could lead to unintended behavior when validating ownership thresholds, potentially enabling improper authorization or quorum calculations. This could pose security risks, as the system might incorrectly count duplicate addresses towards the threshold, leading to unintended validator permissions or incorrect staking assignments.

How this works

How this was tested

Unit test

How is this documented

@geoff-vball geoff-vball requested a review from a team as a code owner April 11, 2025 16:59
iansuvak
iansuvak approved these changes Apr 11, 2025
View reviewed changes
Copy link
Contributor

@iansuvak iansuvak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now we have a single error type for two types of user errors but I think that this is fine.

@geoff-vball @cam-schultz
Update contracts/validator-manager/ValidatorManager.sol
cf29985 
Co-authored-by: cam-schultz <[email protected]>
Signed-off-by: Geoff Stuart <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cam-schultz cam-schultz cam-schultz left review comments

@iansuvak iansuvak iansuvak approved these changes

@bernard-avalabs bernard-avalabs Awaiting requested review from bernard-avalabs bernard-avalabs is a code owner automatically assigned from ava-labs/interop

@michaelkaplan13 michaelkaplan13 Awaiting requested review from michaelkaplan13 michaelkaplan13 is a code owner automatically assigned from ava-labs/interop

@mdelle1 mdelle1 Awaiting requested review from mdelle1 mdelle1 is a code owner automatically assigned from ava-labs/interop

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Platform Engineering Group
Status: Backlog 🗄️
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@geoff-vball @iansuvak @cam-schultz