Skip to content

[M-02] Denial of Service and Loss of Funds via Partial Unstake Dusting#24

Merged
mzhakun merged 20 commits intodrip-systemfrom
M-02
Mar 18, 2026
Merged

[M-02] Denial of Service and Loss of Funds via Partial Unstake Dusting#24
mzhakun merged 20 commits intodrip-systemfrom
M-02

Conversation

@mzhakun
Copy link
Collaborator

@mzhakun mzhakun commented Mar 18, 2026

Fix: Denial of Service and Loss of Funds via Partial Unstake Dusting

  • Added DustSharesRemaining revert in _unstake: partial unstake now reverts if remaining user shares would be > 0 but < MINIMUM_SHARES (1000) — users must either keep at least 1000 shares or unstake all
  • Changed dead-share sweep condition from == to <= as defense-in-depth — pool reset triggers even if totalShares somehow drops below MINIMUM_SHARES
  • Added DustSharesRemaining(address user, uint256 remainingShares) error to IRNBWStaking interface

mzhakun and others added 20 commits March 18, 2026 00:55
@mzhakun
fix(M-02): prevent partial unstake dusting via minimum remaining shar…
1bd397a 
…es guard
@mzhakun
test(M-02): add dust share guard and inflation attack mitigation tests
180cd7a
@mzhakun
fix(M-02): update formatting
4c1104d
@mzhakun
fix(M-02): add MIN_SHARES_THRESHOLD (1e14) to prevent partial unstake…
f456929 
… dusting
@mzhakun
fix(L-03): add user param to previewStake to check minStakeAmount
f539e67
@mzhakun
test(L-03): previewStake first-timer and existing staker edge cases
fd5662b
@mzhakun
docs(L-03): update previewStake references in README
f49deae
@mzhakun
refactor(N-01): split ExchangeRateUpdated into PoolTotalsUpdated for …
f9afc2b 
…stake/cashback paths
@mzhakun
test(N-01): add PoolTotalsUpdated emission tests for stake and cashba…
b06d84a 
…ck paths
@mzhakun
refactor(N-01): emit PoolTotalsUpdated in _unstake, reserve ExchangeR…
20d73bc 
…ateUpdated for fee distribution only
@mzhakun
refactor(N-02): deduplicate previewStake via getSharesForRnbw, use pu…
c246345 
…blic isNonceUsed internally
@mzhakun
refactor(N-03): remove redundant assert(totalShares > 0) in _allocate…
27ad2f5 
…Cashback
@mzhakun
fix(N-04): cap emergencyWithdraw at available excess instead of rever…
4c1ed3a 
…ting
@mzhakun
fix(N-05): emit SafeProposalCancelled when proposeSafe overwrites pen…
4b54b52 
…ding proposal
@mzhakun
[N-05] Emit Cancellation Event on Implicit proposeSafe Overwrite (#19)
4a323c9
@mzhakun
[N-04] Cap emergencyWithdraw at Available Excess (#18)
1aebdc3
@mzhakun
[N-03] Remove Redundant Non-Zero Share Check (#17)
8b6af6a
@mzhakun
[N-02] Improve Readability and Remove Redundant Logic (#16)
ba21af1
@mzhakun
[N-01] Split Misleading ExchangeRateUpdated Event (#14)
c3d947e
@mzhakun
[L-03] previewStake false promise for first-time stakers (#25)
1f9f537
@mzhakun mzhakun merged commit 7aa30bc into drip-system Mar 18, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mzhakun