[M-05] Staking and Withdrawal Time Restrictions Disabled

[softstackio]

Likelihood: High

Description:
The areStakeAndWithdrawAllowed() function in the StakingHbbft contract is currently hardcoded to always return true, effectively disabling any time-based restrictions on staking and withdrawal operations. This deviates from the original design described in the POSDAO Whitepaper, which specified a specific window within each staking epoch for these operations. The commented-out code suggests that there should be time-based restrictions, but these are not currently implemented.

This change has several implications:

1. It allows staking and withdrawals at any time during the epoch, which may impact the predictability and stability of the validator set.
2. It removes a potential protection mechanism against rapid stake movements that could be used to manipulate the validator selection process.
3. It deviates from the expected behaviour described in the whitepaper, potentially causing confusion for users and other contracts that may rely on this behaviour.

Recommendation:

1. Re-evaluate the need for time-based restrictions on staking and withdrawals. If they are deemed necessary:
   ● Implement the time-based restrictions as originally designed, ensuring that staking and withdrawals are only allowed during specific periods of each epoch.
   ● Update the areStakeAndWithdrawAllowed() function to properly check the current time against the allowed window.
2. If time-based restrictions are not needed:
   ● Update the contract documentation and whitepaper to reflect this change
   in design.
   ● Consider implementing alternative mechanisms to prevent potential
   abuse, such as a delay between unstaking and the ability to withdraw funds.