prevent dispatching if validator owner is sanctioned

kilnfi · Jan 17, 2025 · e57e671 · e57e671
1 parent 9fc63c3
commit e57e671
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 1 deletion.
diff --git a/.yarn/install-state.gz b/.yarn/install-state.gz
diff --git a/src/contracts/StakingContract.sol b/src/contracts/StakingContract.sol
@@ -274,9 +274,16 @@ contract StakingContract {
 
     /// @notice Retrieve withdrawer of public key root
     /// @notice In case the validator is not enabled, it will return address(0)
+    /// @notice In case the owner of the validator is sanctioned, it will return address(0)
     /// @param _publicKeyRoot Hash of the public key
     function getWithdrawerFromPublicKeyRoot(bytes32 _publicKeyRoot) external view returns (address) {
-        return _getWithdrawer(_publicKeyRoot);
+        address withdrawer = _getWithdrawer(_publicKeyRoot);
+        if (StakingContractStorageLib.getSanctionsOracle() != address(0)) {
+            if (ISanctionsOracle(StakingContractStorageLib.getSanctionsOracle()).isSanctioned(withdrawer)) {
+                revert AddressSanctioned(withdrawer);
+            }
+        }
+        return withdrawer;
     }
 
     /// @notice Retrieve whether the validator exit has been requested

diff --git a/src/test/StakingContract.t.sol b/src/test/StakingContract.t.sol
@@ -3291,4 +3291,33 @@ contract StakingContractBehindProxyTest is Test {
         vm.prank(admin);
         stakingContract.blockAccount(bob, PUBKEY_2);
     }
+
+    error AddressSanctioned(address addr);
+
+    function test_withdraw_from_recipient_owner_sanctioned() public {
+        vm.prank(admin);
+        stakingContract.setSanctionsOracle(address(oracle));
+        assertFalse(oracle.isSanctioned(bob));
+
+        vm.deal(bob, 32 ether);
+
+        vm.prank(bob);
+        stakingContract.deposit{value: 32 ether}();
+
+        address clfr = stakingContract.getCLFeeRecipient(PUBKEY_1);
+        vm.deal(clfr, 1 ether);
+
+        vm.prank(bob);
+        // First withdrawal deploy the recipient such that afterwards it's possible to trigger
+        // the withdrawal from the recipient directly
+        stakingContract.withdrawCLFee(PUBKEY_1);
+
+        oracle.setSanction(bob, true);
+
+        vm.deal(clfr, 1 ether);
+
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSignature("AddressSanctioned(address)", bob));
+        IFeeRecipient(clfr).withdraw();
+    }
 }