src/pol/BeaconDeposit.sol operator address is prone to front-running #2
Description
Validator Operator address, which is used for POL management, and which is set on the first deposit, could be potentially front-run by illegitimate actors who could attempt to control the validator POL operations and collect the validator BGT and incentive rewards.
By front-running the deposit to replace the legitimate operator's address to one they control, they would still eventually trigger the failure of the legitimate's first deposit, which could be easily noticed by the validator personnel, who could therefore shut down the validator node, resulting in no block proposals and hence no POL rewards being generated for the limited duration of the exposure to the abuse.
This process is thoroughly documented and communicated to node operators, ensuring they are aware of the possibility and know how to address it.
It is also worth mentioning that the minimum deposit amount is set to 10K BERA but the stake to make the validator active is 250K BERA, raising the effective cost of any such attempt to 250K BERA, whereas the cost of carrying out a griefing attack against any legitimate public key is 10K BERA.