51476 sc medium validators can't claim their accrued commission if they are made inactive
Submitted on Aug 3rd 2025 at 07:41:23 UTC by @WinSec for Attackathon | Plume Network
Report ID: #51476
Report Type: Smart Contract
Report severity: Medium
Target: https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/facets/ValidatorFacet.sol
Impacts:
Theft of unclaimed yield
Description
Brief/Intro
Validators lose their accrued commission if they are made inactive.
Vulnerability Details
requestCommissionClaim has a check:
    if (!validator.active || validator.slashed) {
        revert ValidatorInactive(validatorId);
    }
This means that a validator who is not active cannot claim commission. This contradicts the rules that apply to users:
when users call claim, it calls _validateValidatorForClaim:
    function _validateValidatorForClaim(
        uint16 validatorId
    ) internal view { //@audit-ok only checks if the
        PlumeStakingStorage.Layout storage $ = PlumeStakingStorage.layout();
        if (!$.validatorExists[validatorId]) {
            revert ValidatorDoesNotExist(validatorId);
        }
        // Allow claims from slashed validators - users should be able to claim preserved rewards
        // Only reject if validator doesn't exist
    }
Users are allowed to claim from slashed validators as well as inactive validators, as long as the validator exists. But a validator who has accrued commission, is not malicious and has not been slashed cannot claim that commission once made inactive, and thus loses it unless reactivated.
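The asymmetry between the two gates, reduced to a self-contained model and added here as an illustration; it is not Plume's ValidatorFacet code. The contract name, the accruedCommission field, the sample state and the relaxed gate (one possible mitigation, not a fix stated in this report) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model constructed for illustration; not the project's contract.
contract CommissionGateModel {
    struct Validator {
        bool exists;
        bool active;
        bool slashed;
        uint256 accruedCommission; // hypothetical bookkeeping field
    }

    mapping(uint16 => Validator) public validators;
    error ValidatorInactive(uint16 validatorId);
    error ValidatorDoesNotExist(uint16 validatorId);

    // Constructed sample state: validator 1 earned commission, was set inactive, never slashed.
    constructor() {
        validators[1] = Validator({exists: true, active: false, slashed: false, accruedCommission: 5 ether});
    }

    // Gate as quoted in the report: reverts for validator 1 even though it was never slashed.
    function requestCommissionClaimAsReported(uint16 validatorId) external view returns (uint256) {
        Validator storage v = validators[validatorId];
        if (!v.active || v.slashed) {
            revert ValidatorInactive(validatorId);
        }
        return v.accruedCommission;
    }

    // User-side gate as quoted in the report: existence is the only requirement, so this passes for validator 1.
    function validateValidatorForClaim(uint16 validatorId) external view {
        if (!validators[validatorId].exists) {
            revert ValidatorDoesNotExist(validatorId);
        }
    }

    // Assumed mitigation: inactive validators keep access to commission already earned;
    // slashed validators stay blocked (the existing error is reused here for brevity).
    function requestCommissionClaimRelaxed(uint16 validatorId) external view returns (uint256) {
        Validator storage v = validators[validatorId];
        if (!v.exists) revert ValidatorDoesNotExist(validatorId);
        if (v.slashed) revert ValidatorInactive(validatorId);
        return v.accruedCommission;
    }
}
```

For validator 1, requestCommissionClaimAsReported reverts with ValidatorInactive(1), while validateValidatorForClaim passes and requestCommissionClaimRelaxed returns the 5 ether of accrued commission.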
Impact Details
Validators lose their accrued commission.
References
https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/facets/ValidatorFacet.sol#L507
Proof of Concept