{"componentChunkName":"component---node-modules-rocketseat-gatsby-theme-docs-core-src-templates-docs-query-js","path":"/manual-review/StakingSkeleton-SSN","result":{"data":{"mdx":{"id":"e0053802-e0a0-5488-9dc9-1a54751b4928","excerpt":"SSN-01M: Potential Invalid Restake Re-Entrancy Type Severity Location Logical Fault StakingSkeleton.sol:L585-L590 ,  L596-L601 ,  L604 Description: The…","fields":{"slug":"/manual-review/StakingSkeleton-SSN/"},"frontmatter":{"title":"StakingSkeleton Manual Review Findings","description":"Contains all the findings that relate to manual review on the contract codebase","image":null,"disableTableOfContents":null},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"StakingSkeleton Manual Review Findings\",\n  \"description\": \"Contains all the findings that 
relate to manual review on the contract codebase\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"h2\", {\n    \"id\": \"span-idssn-01mssn-01m-potential-invalid-restake-re-entrancyspan\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#span-idssn-01mssn-01m-potential-invalid-restake-re-entrancyspan\",\n    \"aria-label\": \"span idssn 01mssn 01m potential invalid restake re entrancyspan permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), mdx(\"span\", {\n    id: \"SSN-01M\"\n  }, \"SSN-01M: Potential Invalid Restake Re-Entrancy\")), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Type\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Severity\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Location\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    
parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/evergon-labs-tmi-staking-protocol-674eaeb16dc0450018dd65fb/appendix/finding-types#logical-fault\"\n  }, \"Logical Fault\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L585-L590\"\n  }, \"StakingSkeleton.sol:L585-L590\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L596-L601\"\n  }, \"L596-L601\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L604\"\n  }, \"L604\"))))), mdx(\"h3\", {\n    \"id\": \"description\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#description\",\n    \"aria-label\": \"description permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 
1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Description:\"), mdx(\"p\", null, \"The \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L542-L607\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"a\"\n  }, \"StakingSkeleton::fullyUnstake\")), \" function will transfer rewards towards the user, their corresponding stake, and then will proceed to burn their position.\"), mdx(\"p\", null, \"An issue with this approach is that if the recipient of the reward / stake transfer (i.e. an \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://eips.ethereum.org/EIPS/eip-1155\"\n  }, \"EIP-1155\"), \" transfer) is a smart contract that re-enters the staking system and performs a restake operation, the codebase might ultimately burn an NFT ID with funds associated with it.\"), mdx(\"h3\", {\n    \"id\": \"impact\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#impact\",\n    \"aria-label\": \"impact permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 
13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Impact:\"), mdx(\"p\", null, \"We consider the vulnerability minor as a user performing the steps outlined in the vulnerability would harm themselves, however, the behaviour might arise from an automated smart contract that is built to automatically restake \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://eips.ethereum.org/EIPS/eip-1155\"\n  }, \"EIP-1155\"), \" assets sent to it.\"), mdx(\"h3\", {\n    \"id\": \"example\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#example\",\n    \"aria-label\": \"example permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Example:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-sol\",\n    \"metastring\": \"title=packages/contracts/contracts/skeletons/StakingSkeleton.sol highlight={2,3,4,5,6,7,13,14,15,16,17,18,21} lineNumbers=true lineOffset=583\",\n    \"title\": \"packages/contracts/contracts/skeletons/StakingSkeleton.sol\",\n    \"highlight\": \"{2,3,4,5,6,7,13,14,15,16,17,18,21}\",\n    \"lineNumbers\": \"true\",\n    \"lineOffset\": \"583\"\n  }, \"if (amountOfRewardPackets > 0) {\\n    ITransferRewardFacet(address(this)).transferReward(\\n        campaignId,\\n        
campaignInfo.rewardAssetHandler,\\n        msg.sender,\\n        amountOfRewardPackets\\n    );\\n\\n    emit RewardsReceived(campaignId, nftId, msg.sender, amountOfRewardPackets);\\n}\\n\\nif (amountOfPacketsUnstaked > 0) {\\n    ITransferInputFacet(address(this)).transferInput(\\n        campaignId,\\n        campaignInfo.inputAssetKeeper,\\n        msg.sender,\\n        amountOfPacketsUnstaked\\n    );\\n}\\n\\nIERC721Facet(address(this)).burn(nftId);\\n\")), mdx(\"h3\", {\n    \"id\": \"recommendation\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#recommendation\",\n    \"aria-label\": \"recommendation permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Recommendation:\"), mdx(\"p\", null, \"We advise the code to burn the NFT prior to transferring the relevant \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://eips.ethereum.org/EIPS/eip-1155\"\n  }, \"EIP-1155\"), \" assets, following the checks-effects-interactions pattern and preventing such a re-entrancy corruption from occurring.\"), mdx(\"h3\", {\n    \"id\": \"alleviation-b64b659786cf3c84bea52feb3a69f546ba3601f0\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#alleviation-b64b659786cf3c84bea52feb3a69f546ba3601f0\",\n    \"aria-label\": \"alleviation 
b64b659786cf3c84bea52feb3a69f546ba3601f0 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Alleviation (b64b659786cf3c84bea52feb3a69f546ba3601f0):\"), mdx(\"p\", null, \"The burn operation has been relocated before the reward and normal packets are disbursed, alleviating this exhibit in full.\"), mdx(ViewDiffButton, {\n    repoUrl: \"https://github.com/evergonlabs/StakingProtocol\",\n    mainHash: \"dd3cd83a38dbea2dad34f7dc82c835f1793d5459\",\n    fixHash: \"b64b659786cf3c84bea52feb3a69f546ba3601f0\",\n    gitHubIssue: \"57\",\n    mdxType: \"ViewDiffButton\"\n  }), mdx(\"h2\", {\n    \"id\": \"span-idssn-02mssn-02m-inexistent-validation-of-authorizationspan\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#span-idssn-02mssn-02m-inexistent-validation-of-authorizationspan\",\n    \"aria-label\": \"span idssn 02mssn 02m inexistent validation of authorizationspan permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 
0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), mdx(\"span\", {\n    id: \"SSN-02M\"\n  }, \"SSN-02M: Inexistent Validation of Authorization\")), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Type\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Severity\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Location\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/evergon-labs-tmi-staking-protocol-674eaeb16dc0450018dd65fb/appendix/finding-types#logical-fault\"\n  }, \"Logical Fault\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-major\",\n    \"src\": \"https://omniscia.io/report-assets/major.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L298-L305\"\n  }, \"StakingSkeleton.sol:L298-L305\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L317-L319\"\n  }, \"L317-L319\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": 
\"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L367-L368\"\n  }, \"L367-L368\"))))), mdx(\"h3\", {\n    \"id\": \"description-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#description-1\",\n    \"aria-label\": \"description 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Description:\"), mdx(\"p\", null, \"The \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/evergonlabs/StakingProtocol/blob/dd3cd83a38dbea2dad34f7dc82c835f1793d5459/packages/contracts/contracts/skeletons/StakingSkeleton.sol#L298-L305\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"a\"\n  }, \"StakingSkeleton::restakeBeneficiary\")), \" function permits anyone to perform a staking operation of at least one packet to another user without validating any authorization between them.\"), mdx(\"p\", null, \"This permits a user to utilize a single staking packet to arbitrarily increase the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"timeLockPeriod\"), \", thereby potentially locking a victim's significantly large staking position perpetually.\"), mdx(\"h3\", {\n    \"id\": \"impact-1\",\n    \"style\": {\n      \"position\": 
\"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#impact-1\",\n    \"aria-label\": \"impact 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Impact:\"), mdx(\"p\", null, \"The system presently permits all staking positions to be sabotaged by a single packet deposit through restake operations increasing their unlock timestamp to an arbitrarily high number in the future.\"), mdx(\"h3\", {\n    \"id\": \"example-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#example-1\",\n    \"aria-label\": \"example 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Example:\"), 
mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-sol\",\n    \"metastring\": \"title=packages/contracts/contracts/skeletons/StakingSkeleton.sol highlight={30,43,44,45,93,94} lineNumbers=true lineOffset=274\",\n    \"title\": \"packages/contracts/contracts/skeletons/StakingSkeleton.sol\",\n    \"highlight\": \"{30,43,44,45,93,94}\",\n    \"lineNumbers\": \"true\",\n    \"lineOffset\": \"274\"\n  }, \"/**\\n * @notice Allows users to increase a beneficiary's position specified by `nftId` within a campaign\\n * by allocating additional staked assets defined in the campaign's input packet.\\n *\\n * @dev This function enables increasing an existing position on behalf of a beneficiary.\\n * The staking input packets are transferred from the caller (`msg.sender`), but any rewards are\\n * allocated to the beneficiary. The beneficiary must own the NFT representing the position.\\n *\\n * Restake is not supported when instant staking rewards are featured.\\n * The recalculated `unlockTimestamp` (`block.timestamp + timeLockPeriod`) must be greater than or equal to\\n * the current position's `unlockTimestamp`.\\n *\\n * IMPORTANT: Only the beneficiary must meet the eligibility criteria required to increase a position\\n *            (see `StakersEligibility` and `AccessControl` facets).\\n *\\n * Emits a {StakingPositionIncreased} and {PositionBalanceUpdate} event.\\n * Also emits a {RewardsReceived} event on condition.\\n *\\n * @param nftId The unique identifier of the NFT associated with the position.\\n * @param amountOfPackets The number of input packets to allocate to the existing position, increasing it.\\n * @param timeLockPeriod The duration, in seconds, for which the position's staked assets will be locked.\\n * @param beneficiary The address that will receive any instant rewards and must own the NFT position.\\n */\\nfunction restakeBeneficiary(\\n    uint256 nftId,\\n    uint256 amountOfPackets,\\n    uint256 
timeLockPeriod,\\n    address beneficiary\\n) external onlyExternalDelegateCall {\\n    _restakeBeneficiary(nftId, amountOfPackets, timeLockPeriod, beneficiary);\\n}\\n\\n/**\\n * @notice Internal version of `restakeBeneficiary()`, handling restaking logic for a specified beneficiary.\\n * @dev For more information, see `restakeBeneficiary()`.\\n */\\nfunction _restakeBeneficiary(\\n    uint256 nftId,\\n    uint256 amountOfPackets,\\n    uint256 timeLockPeriod,\\n    address beneficiary\\n) internal {\\n    if (beneficiary != IERC721Facet(address(this)).ownerOf(nftId)) {\\n        revert StakingPositionNotOwned(nftId, beneficiary);\\n    }\\n\\n    GeneralStorage.NftInfo storage nftInfo = GeneralStorage.layout().nftInfo[nftId];\\n    uint256 campaignId = nftInfo.campaignId;\\n\\n    IAmountsFacet(address(this)).checkInputPackets(campaignId, nftId, amountOfPackets);\\n    IStakersEligibilityFacet(address(this)).checkStakersEligibility(campaignId, beneficiary);\\n    uint256 stakeActiveStartingTimestamp = ICampaignTimesFacet(address(this)).checkCampaignTimesOnStake(campaignId);\\n    ILockVariationsFacet(address(this)).checkTimeLock(campaignId, timeLockPeriod);\\n\\n    uint256 newUnlockTimestamp = stakeActiveStartingTimestamp + timeLockPeriod;\\n\\n    if (newUnlockTimestamp < nftInfo.unlockTimestamp) {\\n        // Cannot have earlier unlock timestamp than already existing one\\n        revert InvalidUnlockTimestampAtRestake(nftId, nftInfo.unlockTimestamp, newUnlockTimestamp);\\n    }\\n\\n    GeneralStorage.Campaign storage campaignInfo = GeneralStorage.layout().campaignsInfo[campaignId];\\n\\n    ITransferInputFacet(address(this)).transferInput(\\n        campaignId,\\n        msg.sender,\\n        campaignInfo.inputAssetKeeper,\\n        amountOfPackets\\n    );\\n\\n    uint256 totalPackets = nftInfo.packetsStaked + amountOfPackets;\\n\\n    uint256 getRestakeRewardPackets = IRewardsDistributionFacet(address(this)).getRestakeReward(campaignId, nftId);\\n    
uint256 virtualTotalPackets = IVirtualAmountMultiplierFacet(address(this)).applyVirtualAmountMultiplier(\\n        campaignId,\\n        nftId,\\n        totalPackets\\n    );\\n\\n    emit StakingPositionIncreased(\\n        campaignId,\\n        nftId,\\n        beneficiary,\\n        msg.sender,\\n        amountOfPackets,\\n        stakeActiveStartingTimestamp,\\n        nftInfo.unlockTimestamp,\\n        newUnlockTimestamp\\n    );\\n\\n    // The `nftInfo` storage is updated after calling `getRestakeReward()`,\\n    // as this function relies on the current status of the position (prior to this restake)\\n    nftInfo.unlockTimestamp = newUnlockTimestamp;\\n    nftInfo.startingTimestamp = stakeActiveStartingTimestamp;\\n\\n    emit PositionBalanceUpdate(\\n        campaignId,\\n        nftId,\\n        beneficiary,\\n        nftInfo.packetsStaked,\\n        nftInfo.virtualPacketsStaked,\\n        totalPackets,\\n        virtualTotalPackets\\n    );\\n\\n    campaignInfo.totalPacketsStaked += amountOfPackets;\\n    campaignInfo.virtualTotalPacketsStaked += (virtualTotalPackets - nftInfo.virtualPacketsStaked);\\n    nftInfo.packetsStaked = totalPackets;\\n    nftInfo.virtualPacketsStaked = virtualTotalPackets;\\n\\n    _applyRestakeAndTransferRewards(\\n        campaignId,\\n        nftId,\\n        getRestakeRewardPackets,\\n        campaignInfo.rewardAssetHandler,\\n        beneficiary\\n    );\\n}\\n\")), mdx(\"h3\", {\n    \"id\": \"recommendation-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#recommendation-1\",\n    \"aria-label\": \"recommendation 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": 
\"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Recommendation:\"), mdx(\"p\", null, \"We advise the system to either impose some form of authorization between the caller and the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"beneficiary\"), \", or to disallow the position's \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"unlockTimestamp\"), \" from increasing by calculating the remaining time until the stake unlocks and utilizing that as the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"timeLockPeriod\"), \".\"), mdx(\"p\", null, \"We consider either of the two approaches adequate in alleviating this exhibit.\"), mdx(\"h3\", {\n    \"id\": \"alleviation-b64b659786cf3c84bea52feb3a69f546ba3601f0-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#alleviation-b64b659786cf3c84bea52feb3a69f546ba3601f0-1\",\n    \"aria-label\": \"alleviation b64b659786cf3c84bea52feb3a69f546ba3601f0 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 
3-3.5S14.5 6 13 6z\"\n  }))), \"Alleviation (b64b659786cf3c84bea52feb3a69f546ba3601f0):\"), mdx(\"p\", null, \"The code was updated so that restake operations can no longer increase the unlock timestamp of an active NFT.\"), mdx(ViewDiffButton, {\n    repoUrl: \"https://github.com/evergonlabs/StakingProtocol\",\n    mainHash: \"dd3cd83a38dbea2dad34f7dc82c835f1793d5459\",\n    fixHash: \"b64b659786cf3c84bea52feb3a69f546ba3601f0\",\n    gitHubIssue: \"58\",\n    mdxType: \"ViewDiffButton\"\n  }));\n}\n;\nMDXContent.isMDXComponent = true;","headings":[{"depth":2,"value":"<span id=\"SSN-01M\">SSN-01M: Potential Invalid Restake Re-Entrancy</span>"},{"depth":3,"value":"Description:"},{"depth":3,"value":"Impact:"},{"depth":3,"value":"Example:"},{"depth":3,"value":"Recommendation:"},{"depth":3,"value":"Alleviation (b64b659786cf3c84bea52feb3a69f546ba3601f0):"},{"depth":2,"value":"<span id=\"SSN-02M\">SSN-02M: Inexistent Validation of Authorization</span>"},{"depth":3,"value":"Description:"},{"depth":3,"value":"Impact:"},{"depth":3,"value":"Example:"},{"depth":3,"value":"Recommendation:"},{"depth":3,"value":"Alleviation (b64b659786cf3c84bea52feb3a69f546ba3601f0):"}]}},"pageContext":{"slug":"/manual-review/StakingSkeleton-SSN/","prev":{"label":"RateBasedOpenRewardDistributionFacetStorage.sol (RBD-M)","link":"/manual-review/RateBasedOpenRewardDistributionFacetStorage-RBD"},"next":{"label":"StakingSkeletonNID.sol (SSI-M)","link":"/manual-review/StakingSkeletonNID-SSI"}}},"staticQueryHashes":["1954253342","2328931024","2501019404","973074209"]}