[IF-FINDING-003] Minimum and maximum validator number validation

[AdriaCarrera]

[IF-FINDING-003] Minimum and maximum validator number validation

Description

Taking into consideration that in Proof of Authority (PoA), all validators have the same voting power, and that the Cosmos SDK staking module determines which validators are included in the active set based on their voting power, an issue arises when the maximum number of validators has already been reached.
If a new validator is added under these conditions, since it has the same voting power as the existing ones, the selection process may be affected by the validator’s address rather than its power. This means that a validator could be excluded from the active set not due to voting power differences, but simply due to address ordering.
To prevent this, a maximum validator count check should be enforced to block additional validators once the limit is reached—or at least until this limit is intentionally increased.
Additionally, when removing a validator a check if the minimum number of validators is reached should be added, just to prevent situations where the number of validators is to small so that even one validator is enough to break >1/3 number of byzantine validators Tendermint assumption.

Problem scenarios

• Validator admission to the active set can become dependent on its address.
• A minimum number of validators can be reached where a single byzantine validator is enough to break the >1/3 number of byzantine validators Tendermint assumption.

Recommendation

Introduce a minimum and a maximum number of validators check in methods to remove and add validator.

Applied changes

Add a check in AddValidator function inside keeper.go that checks if the number of validators exceeds the Maximum set in staking params