Don't allow immediate deallocations for active validators even if the key shares remain the same

There's an exploit where the prior set improperly mints coins, the new set
occurs (resetting the oracle), and they immediately deallocate 49.9% of their
coins (which is more than enough to achieve profitability).

Now, anyone in set must wait until after the next set completes to perform any
deallocation, enabling time to halt upon improper mints.
Luke Parker 2023-12-05 09:36:41 -05:00
parent 91905284bf
commit 8cc0adf281


@ -611,16 +611,8 @@ pub mod pallet {
} }
} }
// If we're not in-set, or this doesn't decrease our key shares, allow immediate deallocation // If we're not in-set, allow immediate deallocation
let active = Self::in_set(network, account); if !Self::in_set(network, account) {
if (!active) || (!decreased_key_shares) {
if active {
// Since it's being immediately deallocated, decrease TotalAllocatedStake
TotalAllocatedStake::<T>::set(
network,
Some(Amount(TotalAllocatedStake::<T>::get(network).unwrap_or(Amount(0)).0 - amount.0)),
);
}
Self::deposit_event(Event::AllocationDecreased { Self::deposit_event(Event::AllocationDecreased {
validator: account, validator: account,
network, network,
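
Review bot: the new condition `if !Self::in_set(network, account) {` no longer reads `decreased_key_shares`, so that variable and whatever computes it should be dropped if nothing outside this hunk still uses it; otherwise the key-shares exception stays half-present in the function. The replacement comment ("If we're not in-set, allow immediate deallocation") would also be stronger if it said why in-set validators are always delayed, as the commit message does, so that a later change does not reintroduce an immediate path for them. A regression test asserting that an in-set account whose key shares are unchanged does not take this immediate branch would lock the behaviour in.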