Content pfp
Content
@
0 reply
0 recast
0 reaction
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
The contract here is a sublinear staking contract: if you are in the whitelist (specified as an ERC1155 collection), then you can stake N coins, and get a return of N ** 0.75 coins per slot, for as long as the contract has coins to pay for it. There is a fundedUntil mechanism that ensures that if the contract runs out of money, every staker gets rewarded for every slot up to the fundedUntil timestamp, and the mechanism doesn't turn into a fractional reserve. https://github.com/ethereum/research/blob/master/sublinear_staking/code.vy Bounty of total 2 ETH for identifying any bugs / vulnerabilities in the contract and proposing specific fixes, if multiple issues are found the bounty will be split based on severity. Amount: 2 ETH @bountybot
23 replies
172 recasts
729 reactions
borodutch pfp
borodutch
@warpcastadmin.eth
so, `_fundedUntil` is only relevant on L79 and is only used if it's in the past, it is whatever amount of token is free (balance - liabilities) divided by the current rate of paying out tokens per second + after the last time liabilities were recalculated `correctedNow` from L80 is probably more like `currentEndOfPayouts` time so the `liabilitiesLastUpdated` will turn into whatever `_fundedUntil()` was last when `_fundedUntil()` was in the past unless the contract is funded with more tokens and `_fundedUntil()` suddenly jumps into the future (or later than the locked `_fundedUntil()`)? not sure if there's an unintended behavior here (e.g. someone getting "short-sided" with less tokens than they would have gotten if they unstaked after the topup?) wonder if there's a vector of attack to fund the contract with more staked tokens directly (bypassing the `stake` function)? mitigation would be to lock `_fundedUntil()` if it ever gets behind `block.timestamp` πŸ€” still exploring
1 reply
0 recast
0 reaction
borodutch pfp
borodutch
@warpcastadmin.eth
hmm, if `_fundedUntil()` is in the past, i wonder if someone can fund the contract with more tokens (bypassing the `stake` function) hence moving `_fundedUntil()` a bit forward in time to get more rewards than they are allocated for (i.e. increasing the number of slots)
0 reply
0 recast
0 reaction