[Bug]: Bypass NodeOperator approve in Dashboard #1504
Description
Summary
Vault owner can bypass NodeOperator approval in Dashboard by connecting without Dashboard and then moving vault ownership to Dashboard, effectively bypassing the isApprovedToConnect check. This check enforces consensus on settledGrowth to ensure correct fee calculation.
Expected Behavior
SettledGrowth in Dashboard should not allow the vault owner to cheat/grief node operator on reconnect.
Potential Impact
Without NO's approval to connect, the fee might be outdated and node operator may lose fees.
Steps to Reproduce
- Initial state: I create vault using factory createVaultWithDashboard, DEFAULT_ADMIN_ROLE is me
- Dashboard owns the StakingVault (set during factory deployment) and is connected to vaultHub
times goes and fees are paid - I voluntaryDisconnect => everything is ok and on next report, ownership is transferred to dashboard (connection.owner)
- Transfer away from Dashboard: Use Dashboard.abandonDashboard(me) to transfer ownership (pending)
- I accept ownership stakingVault.acceptOwnership() => I am the owner
- I transfer pending owner of stakingvault to vaultHub to connect : stakingVault.transferOwnership(VAULT_HUB)
- I call VAULT_HUB.connectVault(stakingVault), connection.owner will be me
- call VaultHub#transferVaultOwnership(stakingVault,dashboard)
and the functions from dashboard works because they are stateless
and i bypassed isApprovedToConnect
Possible Solutions
Get rid of isApprovedToConnect altogether. Instead reset settledGrowth to 0. So that before reconnection, the vault owner must cooperate with the node operator to update the settled growth.
Guidelines
- I agree to follow Code of Conduct.
- I have read Lido Contribution Guide.
Metadata
Metadata
Assignees
Labels
Type
Projects
Status