Content pfp
Content
@
0 reply
0 recast
0 reaction
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
The contract here is a sublinear staking contract: if you are in the whitelist (specified as an ERC1155 collection), then you can stake N coins, and get a return of N ** 0.75 coins per slot, for as long as the contract has coins to pay for it. There is a fundedUntil mechanism that ensures that if the contract runs out of money, every staker gets rewarded for every slot up to the fundedUntil timestamp, and the mechanism doesn't turn into a fractional reserve. https://github.com/ethereum/research/blob/master/sublinear_staking/code.vy Bounty of total 2 ETH for identifying any bugs / vulnerabilities in the contract and proposing specific fixes, if multiple issues are found the bounty will be split based on severity. Amount: 2 ETH @bountybot
24 replies
202 recasts
907 reactions
borodutch pfp
borodutch
@warpcastadmin.eth
here's one issue: technically if someone stakes enough, they can bring `_fundedUntil` down so much that no one will get any rewards, but the entity that stakes enough token will get all the rewards moreover, the `isEligible` check just checks the balance of the token, which means if the token supports flash loans, one can flash loan large amount of token to stake, `stake`, bring down `_fundedUntil` to (maybe?) the same block, `unstake`, sell the rewarded token, cover cost of the flash loan and get profit can probably be mitigated by having a time-lock mechanism for staking (this should eliminate the threat of flash loans); maybe also limiting amount of rewards per address (but then one can spawn many addresses); or maybe limit the rewards by the proportion of total supply of the token staked? not sure
1 reply
1 recast
26 reactions
borodutch pfp
borodutch
@warpcastadmin.eth
damn, sorry, `isEligible` doesn't matter here actually, it's a whitelist but still someone can get a flash loan for the staked token, `stake`, bring down the `_fundedUntil`, `unstake`, sell the extra tokens, pay for flash loan, get profit
1 reply
0 recast
1 reaction
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
But getting returns requires you to stake for a nonzero duration. So any staking-and-unstaking inside of a flash loan should just give you back exactly what you put in and no more.
1 reply
0 recast
2 reactions
borodutch pfp
borodutch
@warpcastadmin.eth
true, won't work with a flash loan, but potentially will work for a large whale that has enough cash not to use flash loan, but have 1 ms between staking and unstaking maybe?
1 reply
0 recast
0 reaction
borodutch pfp
borodutch
@warpcastadmin.eth
the numbers would probably need to be huge, maybe outside of the area without flash loans though, making return per slot equal to current staking balance with the current formula return per slot is calculated might be impractical πŸ€” or maybe impossible e.g. staking gazilion tokens for 1ms so that return per slot is equal to current staking lmao
0 reply
0 recast
0 reaction