Active Boosts

50783 sc low validator percentage cap does not work properly

Submitted on Jul 28th 2025 at 14:39:50 UTC by @holydevoti0n for Attackathon | Plume Network

  • Report ID: #50783

  • Report Type: Smart Contract

  • Report severity: Low

  • Target: https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/facets/StakingFacet.sol

  • Impacts: Contract fails to deliver promised returns, but doesn't lose value

Description

Brief / Intro

The maxValidatorPercentage enforcement is unfair because it doesn't rebalance existing validators who exceeded the cap before it was introduced. Additionally, if the cap is raised to 100%, a single validator can hold 99.9% of the stake, since the cap is calculated based on totalStaked.

Vulnerability Details

Validation of the validator percentage in StakingFacet.sol:_validateValidatorPercentage():

    function _validateValidatorPercentage(
        uint16 validatorId, uint256 stakeAmount
    ) internal view {
        PlumeStakingStorage.Layout storage $ = PlumeStakingStorage.layout();
        uint256 previousTotalStaked = $.totalStaked - stakeAmount;

        // Check if exceeding validator percentage limit
        if (previousTotalStaked > 0 && $.maxValidatorPercentage > 0) {
            uint256 newDelegatedAmount = $.validators[validatorId].delegatedAmount;
@>            uint256 validatorPercentage = (newDelegatedAmount * 10_000) / $.totalStaked;
@>            if (validatorPercentage > $.maxValidatorPercentage) {
                revert ValidatorPercentageExceeded();
            }
        }
    }

  • The check only prevents new stakes that would exceed the limit, but doesn't address existing validators who already exceed the percentage cap.

  • Example scenario: System starts with maxValidatorPercentage = 0, Validator A accumulates 70% of total stake, then admin sets maxValidatorPercentage = 50%. Validator A remains at 70% while new validators can grow up to 50%, creating asymmetric percentages (70 + 50 = 120%).

Impact Details

  • Validators that exceeded the cap before enforcement can keep their oversized stake, giving them an unfair long-term advantage.

  • Validators below the cap can still grow up to the cap, resulting in an asymmetric total where multiple validators can exceed 100% combined when some were grandfathered above the cap.

Proof of Concept

1

Initial state

  • System starts with maxValidatorPercentage = 0.

  • Validator A accumulates 70% of total stake.

2

After admin changes cap

  • Admin sets maxValidatorPercentage = 50%.

  • Validator A remains at 70% (no rebalance).

  • Validator B (at 10%) can grow to 50%.

  • Resulting effective percentages can sum to more than 100% (e.g., 70% + 50% = 120%).

References

https://github.com/immunefi-team/attackathon-plume-network/blob/580cc6d61b08a728bd98f11b9a2140b84f41c802/plume/src/facets/StakingFacet.sol#L147-L162

Previous52961 sc high theft of yield from the distributor Next51320 sc low malicious teller parameter allow event data manipulation

Was this helpful?