# 69814 sc low stale migration permits cannot be revoked after migrator role removal **Submitted on Mar 16th 2026 at 23:32:46 UTC by @incogknito for** [**Audit Comp | Folks Finance: Staking Contracts**](https://immunefi.com/audit-competition/audit-comp-folks-finance-staking-contracts) * **Report ID:** #69814 * **Report Type:** Smart Contract * **Report severity:** Low * **Target:** * **Impacts:** * Contract fails to deliver promised returns, but doesn't lose value ## Description ### Finding The README says migration permission can be revoked at any time, but that is not true in Staking.sol: `setMigrationPermit()` requires the target address to currently hold `MIGRATOR_ROLE`. So if a user approves a migrator and that role is later revoked, calling `setMigrationPermit(migrator, false)` reverts with `MigratorNotFound`, leaving the old permit stored in `migrationPermits`. If the same address receives `MIGRATOR_ROLE` again later, the old approval becomes usable again and `migratePositionsFrom()` can be called without any fresh user action. ### Impact Users cannot revoke a previously granted migration permit once the role is removed. The old permit remains onchain. Re-granting `MIGRATOR_ROLE` makes the stale approval usable again. ### Recommendation Allow `setMigrationPermit(migrator, false)` even if migrator no longer has `MIGRATOR_ROLE`. ## Proof of Concept ```solidity function test_PoC_Info_MigrationPermitReactivatesAfterRoleRegrant() public { vm.prank(bob); staking.setMigrationPermit(migrator, true); assertEq(staking.migrationPermits(migrator, bob), true); vm.prank(admin); staking.revokeRole(staking.MIGRATOR_ROLE(), migrator); vm.expectRevert(abi.encodeWithSelector(IStakingV1.MigratorNotFound.selector, migrator)); vm.prank(bob); staking.setMigrationPermit(migrator, false); assertEq(staking.migrationPermits(migrator, bob), true); vm.prank(admin); staking.grantRole(staking.MIGRATOR_ROLE(), migrator); vm.expectEmit(true, true, true, true); emit IStakingV1.MigrateFrom(migrator, bob); vm.prank(migrator); IStakingV1.UserStake[] memory migratedStakes = staking.migratePositionsFrom(bob); assertEq(migratedStakes.length, 0); } ``` `forge test --match-test test_PoC_Info_MigrationPermitReactivatesAfterRoleRegrant -vv` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/folks-finance-staking-contracts/69814-sc-low-stale-migration-permits-cannot-be-revoked-after-migrator-role-removal.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.