#RemoveVault #60MsLife

Here is a vulnerability that we recently identified @ChDefendersEth in the @stakedotlink contest! 🔍 It was located in the OperatorVCS contract: Vaults can keep withdrawing rewards even after being "removed"! Reason: vaultMapping isn't updated to false in the removeVault function. Here's how it works: 1. Add a vault ✅ 2. "Remove" it 🚫 3. Vault is still able to withdraw rewards 💸 Here’s the fix we proposed : function removeVault(uint256 _queueIndex) public { address vault = vaultsToRemove[_queueIndex]; vaultMapping[vault] = false; // ... rest of the function ... }