Jacek.degen.eth 🎩
@jacek
If you're a Solidity dev and interested in helping out Degen by auditing or reviewing our Locked Degen ERC-20 contract, we'd love your support. Your help in finding bugs or suggesting code improvements would be greatly appreciated! Thanks! https://github.com/degen-token/degen-smart-contracts/pull/22
29 replies
35 recasts
211 reactions

J. Valeska 🦊🎩🫂
@jvaleska.eth
Some people are asking about it, and I had to stop my audit after I found it.
LN 130 - updateLockDuration() function
This allows the owner to change the locking period, between 0-365 days.
LN 118 - if (block.timestamp <= depositTimestamps[msg.sender] + lockDuration) revert...
This check on lockDuration in the withdraw function allows the owner to do some tricks with the locking period:
- the owner could lock and unlock by managing to do a sandwich: updateLockFunction-withdraw-updateLockFunction, withdrawing without respecting the lock, and then setting it again, locking users' funds.
- the owner could extend the locking period, from an initial 0 days to 1 year, locking user funds for 1 year without user "permission".
13 replies
0 recast
6 reactions

0xteresa🎩
@0xteresa.eth
I made a quick check and I didn’t see that there is a mapping to track the amount of DEGEN that users deposit; you only mint the new tokens. After that, to withdraw you burn these new tokens, but what happens if the user gets more “new tokens” in a dishonest way or by buying them in the market? They will be able to unlock the real DEGEN tokens locked in the contract because you don’t track the real owner in your contract.
1 reply
0 recast
3 reactions

Backseats
@backseats
Happy to take a look
4 replies
0 recast
3 reactions

MetaEnd🎩
@metaend.eth
🚨 Audit Findings on DegenLockToken (Hash: 7c0977a79ef9e48480108f34a3d481f99346cc00) 🚨
🔍 High Severity: Owner can extend lock duration, impacting all current deposits. This can be used maliciously to lock funds indefinitely. Recommendation: Restrict changes to new deposits or implement decentralized governance.
🔍 Medium Severity: Missing events for critical actions like deposits and withdrawals. Recommendation: Emit events to ensure transparency.
🔍 Informational: Hardcoded token address limits flexibility. Recommendation: Pass the token address as a parameter during contract deployment.
🛠 Suggested Fixes:
- Split updateLockDuration function.
- Implement a killSwitch to set lock duration to 0.
- Apply updates only to new deposits using a mapping.
https://github.com/ngmisl/degenlock-review/blob/main/audit.md
1 reply
0 recast
0 reaction

MetaEnd🎩
@metaend.eth
Does this imply that the owner could set my lock from 90 days to 364 days instead? What's the point of this function?
1 reply
0 recast
1 reaction

memes4airdrop
@wake
cc @saxenasaheb (lmk if it is not okay to tag you for /fbi stuff)
1 reply
0 recast
2 reactions

Apex777
@apex777.eth
Will have a look over it this evening.
0 reply
0 recast
1 reaction

Ox.crypto 🌈 🎩
@ox-crypto.eth
@rjs 🫡
0 reply
0 recast
1 reaction

MetaEnd🎩
@metaend.eth
First glance: the mint function should also check if it's paused as a condition
1 reply
0 recast
1 reaction

sebayaki.eth
@if
I just reviewed the code as well, and it looks fine :) The code was very clean and simple, so there’s not much I could add, except just one minor thing: https://github.com/degen-token/degen-smart-contracts/pull/22/files#r1666170427 6666 👏🏻
0 reply
0 recast
0 reaction

Ruhul
@ruhul0.eth
I've done 2 commits. One is for reducing the gas fee and making min deposit and lock duration private. Another one is for using deployContract instead of contract, as contract is deprecated. Also, instead of using a big integer number, I preferred bigint for clearer constructor use.
0 reply
0 recast
0 reaction

J. Valeska 🦊🎩🫂
@jvaleska.eth
okay, got a task for today :)
0 reply
0 recast
0 reaction

DegenFans 🎩🔵🫂Ⓜ️
@degenfans
In DepositTimestampUpdated maybe add the amount so it could be easier to query the base logs
0 reply
0 recast
0 reaction

DegenFans 🎩🔵🫂Ⓜ️
@degenfans
Maybe it makes sense to save the lock duration at the timestamp someone locked. Otherwise we start with 90 days and the owner could extend it to one year, and I am also affected even though I did this with the 90 days expected?
0 reply
0 recast
0 reaction
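
Added example, not part of any post in this thread and not the Degen contract: one way to implement the "apply updates only to new deposits" and "save the lock duration at deposit time" suggestions above, by fixing each user's unlock deadline when they deposit so that a later updateLockDuration() call cannot shorten or extend it. SnapshotLock, balances, unlockTime and MAX_LOCK are hypothetical names, and a plain balance mapping stands in for the minted lock token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the Degen contract. SnapshotLock, balances, unlockTime
// and MAX_LOCK are hypothetical; balances stand in for the minted lock token.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract SnapshotLock {
    IERC20 public immutable token;                  // set at deployment, not hardcoded
    address public immutable owner;
    uint256 public constant MAX_LOCK = 365 days;
    uint256 public lockDuration;                    // used for future deposits only
    mapping(address => uint256) public balances;
    mapping(address => uint256) public unlockTime;  // deadline fixed at deposit time

    event Deposited(address indexed user, uint256 amount, uint256 unlockTime);
    event Withdrawn(address indexed user, uint256 amount);
    error StillLocked(uint256 unlockTime);

    constructor(IERC20 token_, uint256 initialDuration) {
        require(initialDuration <= MAX_LOCK, "duration too long");
        token = token_;
        owner = msg.sender;
        lockDuration = initialDuration;
    }

    function updateLockDuration(uint256 newDuration) external {
        require(msg.sender == owner, "not owner");
        require(newDuration <= MAX_LOCK, "duration too long");
        lockDuration = newDuration;                 // stored unlockTime values are untouched
    }

    function deposit(uint256 amount) external {
        balances[msg.sender] += amount;
        // Snapshot the deadline now; a top-up may extend it but never shorten it.
        uint256 t = block.timestamp + lockDuration;
        if (t > unlockTime[msg.sender]) unlockTime[msg.sender] = t;
        emit Deposited(msg.sender, amount, unlockTime[msg.sender]);
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function withdraw(uint256 amount) external {
        if (block.timestamp <= unlockTime[msg.sender]) revert StillLocked(unlockTime[msg.sender]);
        balances[msg.sender] -= amount;             // reverts on underflow in 0.8.x
        emit Withdrawn(msg.sender, amount);
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Because withdraw() reads the stored deadline instead of recomputing `depositTimestamps[msg.sender] + lockDuration`, an owner change to lockDuration affects only deposits made after it.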

Emily 🎩🃏🍖
@mahla
❤️❤️
0 reply
0 recast
0 reaction

SonOfMosiah
@sonofmosiah.eth
safeERC20 isn't needed here. SafeERC20 was developed to handle tokens that don't conform to the ERC20 spec (looking at you USDT); that doesn't apply to DEGEN.
0 reply
0 recast
0 reaction

Idan Levin 🎩
@idanlevin
How about introducing a delegation model? For instance, if I stake Degen I could delegate that staking to another address. This way, even if I'm holding my Degen in a cold wallet, I could still participate in various activities from my hot wallet which is the one connected to Farcaster
0 reply
0 recast
0 reaction

Tantodefi.eth
@tantodefi
@viraz you should take a peek
0 reply
0 recast
1 reaction

Soren Starr
@sore
Great job!
0 reply
0 recast
0 reaction