[Staking] Extra check for Virtual Stakers #5791
Assignees
Labels
I9-optimisation
An enhancement to provide better overall performance in terms of time-to-completion for a task.
T2-pallets
This PR/Issue is related to a particular pallet.
Comments
Ank4n
added
the
I9-optimisation
github-merge-queue bot
pushed a commit
that referenced
this issue
Nov 5, 2024
closes #5791. This is not strictly necessary but serves as a defensive check. The staking pallet exposes [apis](https://paritytech.github.io/polkadot-sdk/master/sp_staking/trait.StakingUnchecked.html#tymethod.virtual_bond) that other runtime pallets (pallet-delegated-staking) can use to create virtual stakers. However, there’s no way for pallet-staking to ensure that the staker is truly keyless. If the caller (this is a trusted caller so this would only happen due to a bug) registers an account with a private key as a virtual_staker, these accounts could later interact directly with pallet-staking dispatchables (such as [bond_extra](https://paritytech.github.io/polkadot-sdk/master/pallet_staking/dispatchables/fn.bond_extra.html)) and bypass any locking mechanism. The check above ensures this scenario can never occur by performing an integrity check. --------- Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: command-bot <>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In staking, virtual stakers are system generated keys to manage ledger for pool accounts. These accounts do not need to exist (and will not exist unless some account transfers funds to it to mess with the system).
Only pallets (trusted modules) have access to create these type of stakers via the trait
StakingUnchecked.pallet-stakingdoes not do any validation on it.Defensively, we could add the following
virtual_stakershave zero nonce.The text was updated successfully, but these errors were encountered: