From 8cc0adf2815a0a22a0eff91df70f1b59585715f2 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Tue, 5 Dec 2023 09:36:41 -0500
Subject: [PATCH] Don't allow immediate deallocations for active validators even if the key shares remain the same There's an exploit where the prior set improperly mints coins, the new set occurs (resetting the oracle), and they immediately deallocate 49.9% of their coins (which is more than enough to achieve profitability). Now, anyone in set must wait until after the next set completes to perform any deallocation, enabling time to halt upon improper mints.
---
 substrate/validator-sets/pallet/src/lib.rs | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/substrate/validator-sets/pallet/src/lib.rs b/substrate/validator-sets/pallet/src/lib.rs
index 8d73b932..206724fd 100644
--- a/substrate/validator-sets/pallet/src/lib.rs
+++ b/substrate/validator-sets/pallet/src/lib.rs
@@ -611,16 +611,8 @@ pub mod pallet {
 }
 }
- // If we're not in-set, or this doesn't decrease our key shares, allow immediate deallocation
- let active = Self::in_set(network, account);
- if (!active) || (!decreased_key_shares) {
- if active {
- // Since it's being immediately deallocated, decrease TotalAllocatedStake
- TotalAllocatedStake::::set(
- network,
- Some(Amount(TotalAllocatedStake::::get(network).unwrap_or(Amount(0)).0 - amount.0)),
- );
- }
+ // If we're not in-set, allow immediate deallocation
+ if !Self::in_set(network, account) {
 Self::deposit_event(Event::AllocationDecreased {
 validator: account,
 network,
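Review bot: The new comment `// If we're not in-set, allow immediate deallocation` on the `if !Self::in_set(network, account)` guard does not record why in-set validators are now always delayed, so the rationale lives only in the commit message and a later change could reintroduce the unchanged-key-shares fast path. I would expand it to something like `// Only validators outside the active set may deallocate immediately; in-set validators must wait until the next set completes so improper mints can be halted first`. The diffstat shows only lib.rs changed, so no regression test accompanies the fix; a test asserting that an in-set validator whose key shares stay the same gets a delayed deallocation would pin the behaviour. The enclosing function starts and ends outside this hunk, so whether `decreased_key_shares` is still used elsewhere, and where `TotalAllocatedStake` is now reduced for in-set validators, cannot be confirmed from here and is worth checking.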