Don't allow immediate deallocations for active validators even if the…

… key shares remain the same There's an exploit where the prior set improperly mints coins, the new set occurs (resetting the oracle), and they immediately deallocate 49.9% of their coins (which is more than enough to achieve profitability). Now, anyone in set must wait until after the next set completes to perform any deallocation, enabling time to halt upon improper mints.
serai-dex · Dec 5, 2023 · 8cc0adf · 8cc0adf
1 parent 9190528
commit 8cc0adf
Showing 1 changed file with 2 additions and 10 deletions.
diff --git a/substrate/validator-sets/pallet/src/lib.rs b/substrate/validator-sets/pallet/src/lib.rs
@@ -611,16 +611,8 @@ pub mod pallet {
         }
       }
 
-      // If we're not in-set, or this doesn't decrease our key shares, allow immediate deallocation
-      let active = Self::in_set(network, account);
-      if (!active) || (!decreased_key_shares) {
-        if active {
-          // Since it's being immediately deallocated, decrease TotalAllocatedStake
-          TotalAllocatedStake::<T>::set(
-            network,
-            Some(Amount(TotalAllocatedStake::<T>::get(network).unwrap_or(Amount(0)).0 - amount.0)),
-          );
-        }
+      // If we're not in-set, allow immediate deallocation
+      if !Self::in_set(network, account) {
         Self::deposit_event(Event::AllocationDecreased {
           validator: account,
           network,