Committee map node transfer inconsistency issue #333
Description
Description
The committee_map module exhibits a critical state inconsistency when nodes are transferred
between committees using the upsert_committee_member function. Currently, when a node is
moved from Committee A to Committee B, the node_to_committee_map is updated to reflect the
new committee, but the node’s entry in Committee A’s internal map is not removed. This creates a
dangling reference, leading to an inconsistent state where the node appears in both committees’
internal storage while officially belonging to only one.
When a node is moved between committees, the system creates an inconsistency where the node’s
mapping points to the new committee but the node remains in the old committee’s member list.
This corruption makes any one of the two committees permanently undeletable because the
cleanup process fails when it cannot find the expected node mappings, causing denial of service
(DOS).
Preliminary investigation
upsert_committee_member overwrites node_to_committee_map but never removes the node from its prior committee map, so orphaned entries persist and prevent clean deletions.
Initial investigation reveals, for DORA, we are not actively using this module from the framework itself but a copy of this module deployed under the address 0x_____. Therefore we need to fix this bug in SupraFramework as well as the other address.
Recommendation
Modify upsert_committee_member to first remove the node from its old committee (if any) before
adding it to the new one.