51476 sc medium validators can t claim their accrued commission if they are made inactive

Submitted on Aug 3rd 2025 at 07:41:23 UTC by @WinSec for Attackathon | Plume Network

• Report ID: #51476

• Report Type: Smart Contract

• Report severity: Medium

• Target: https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/facets/ValidatorFacet.sol

• Impacts:

  • Theft of unclaimed yield

Description

Brief/Intro

Validators lose their accrued commission if they are made inactive.

Vulnerability Details

requestCommissionClaim has a check:

        if (!validator.active || validator.slashed) {
            revert ValidatorInactive(validatorId);
        }

Which means if the validator is not active then they can't claim commission. This is contradictory to the rules that apply to users:

when users call claim it calls _validateValidatorForClaim:

Users are allowed to claim from slashed validators as well as inactive validators, as long as the validator exists. But validators who have accrued commission and aren't malicious and not slashed — if they are made inactive — cannot claim their commission and thus lose it unless reactivated.

Impact Details

Validators lose their accrued commission.

References

• https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/facets/ValidatorFacet.sol#L507

Proof of Concept