have identified a foundational logic failure in the ClusterLib.sol liquidation engine. Due to the use of uint64 for fee thresholds, high-scale clusters can trigger an arithmetic overflow that wraps the threshold to a negligible value, making insolvent clusters unliquidatable.
Code Reference:
uint64 threshold = (cluster.validatorsCount * networkFee) + (operatorFees * balanceFactor);
Impact:
Permanent protocol insolvency and "Phantom Clusters" earning rewards without collateral.
Note: Attempted direct email and Immunefi (Passport issue); disclosing here to protect protocol integrity.
have identified a foundational logic failure in the ClusterLib.sol liquidation engine. Due to the use of uint64 for fee thresholds, high-scale clusters can trigger an arithmetic overflow that wraps the threshold to a negligible value, making insolvent clusters unliquidatable.
Code Reference:
uint64 threshold = (cluster.validatorsCount * networkFee) + (operatorFees * balanceFactor);
Impact:
Permanent protocol insolvency and "Phantom Clusters" earning rewards without collateral.
Note: Attempted direct email and Immunefi (Passport issue); disclosing here to protect protocol integrity.