We have received a report from immunefi where attacker could destroy it's staking position nft by calling burn function. This would not decrease total rewards counter, however the user could recreate new staking position and increase total reward counter again. This means all of the stakers now own lower part of the total staking rewards.
While this issue is not possible to exploit for personal gain, it will lower the reward for other participants and leave some rewards unclaimable in current periods. This is easily fixable afterwards by a change in parameters, but it classifies as "putting chain in unintended state" which translates to medium level reward in our immunefi programme.
Proposed reward 5k$ in HDX 7d Average at 0.01381~
fix below
https://github.com/galacticcouncil/hydration-node/pull/1083
After checking, this is a proposal initiated by the team.
But in order to improve the efficiency of proposal voting and urge identity authentication, I voted against it
There is a lot of room for optimization in identity authentication