Content
@
https://opensea.io/collection/dev-21
0 reply
0 recast
2 reactions
Jacek.degen.eth π©
@jacek
If you're a Solidity dev and interested in helping out Degen by auditing or reviewing our Locked Degen ERC-20 contract, we'd love your support. Your help in finding bugs or suggesting code improvements would be greatly appreciated! Thanks! https://github.com/degen-token/degen-smart-contracts/pull/22
29 replies
35 recasts
211 reactions
J. Valeska π¦π©π«
@jvaleska.eth
some people is asking about it.. and I had to stop my audit.. after found it.. LN 130 - updateLockDuration() function This allow the owner to change the locking period.. between 0-365 days. LN 118 - if (block.timestamp <= depositTimestamps[msg.sender] + lockDuration) revert... This check on lockDuration in the withdraw function allows the owner to do some tricks with the locking period: - the owner could lock and unlock by managing to do a sandwich: updateLockFunction-withdraw-updateLockFunction, withdrawing without respecting the lock. And, setting it again locking users funds. - the owner could extend the locking period, from an initial 0 days to 1 year. Locking user funds for 1 year without user "permission".
13 replies
0 recast
6 reactions
Jacek.degen.eth π©
@jacek
This is a fair point. I was considering that in the future we might vote on adjusting the lock duration. However, I think a better approach is to launch separate contracts with different lock periods, such as 1 year and 3 months, based on demand. We'll also modify the lock duration function so that it can only be reduced. If we need to reduce the lock period to 0, it will apply to all users, and there will be no way to increase it again.
0 reply
0 recast
0 reaction
