Vitalik Buterin
@vitalik.eth
The contract here is a sublinear staking contract: if you are in the whitelist (specified as an ERC1155 collection), then you can stake N coins, and get a return of N ** 0.75 coins per slot, for as long as the contract has coins to pay for it. There is a fundedUntil mechanism that ensures that if the contract runs out of money, every staker gets rewarded for every slot up to the fundedUntil timestamp, and the mechanism doesn't turn into a fractional reserve.

https://github.com/ethereum/research/blob/master/sublinear_staking/code.vy

Bounty of total 2 ETH for identifying any bugs / vulnerabilities in the contract and proposing specific fixes. If multiple issues are found, the bounty will be split based on severity.

Amount: 2 ETH @bountybot
24 replies
202 recasts
907 reactions
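A simplified Python model of the fundedUntil accounting described in the post above, added here as an example. It is not the code from the linked code.vy; the class, its field names and the integer rounding of N ** 0.75 are assumptions made for illustration.

```python
from math import isqrt

def rate(n):
    """Per-slot reward for a stake of n coins: floor(n ** 0.75)."""
    return isqrt(isqrt(n ** 3))

class StakingModel:
    """Hypothetical model of the accounting, not the contract's own code."""
    def __init__(self, funding):
        self.balance = funding  # all coins held: reward pool plus principals
        self.owed = 0           # principals plus rewards accrued so far
        self.total_rate = 0     # sum of rate(n) over active stakes
        self.clock = 0          # last slot processed
        self.funded_until = 0   # last slot the surplus can pay in full
        self.paid_slots = 0     # running count of fully funded slots
        self.stakes = {}        # staker -> (amount, paid_slots at entry)

    def _sync(self, now):
        # Accrue rewards only for slots at or before funded_until.
        funded = max(0, min(now, self.funded_until) - self.clock)
        self.paid_slots += funded
        self.owed += funded * self.total_rate
        self.clock = now

    def _rehorizon(self):
        # Whole slots the surplus (balance - owed) covers at the current rate.
        surplus = self.balance - self.owed
        slots = surplus // self.total_rate if self.total_rate else 0
        self.funded_until = self.clock + slots
        assert self.balance >= self.owed, "fractional reserve"

    def stake(self, who, n, now):
        self._sync(now)
        self.balance += n
        self.owed += n
        self.total_rate += rate(n)
        self.stakes[who] = (n, self.paid_slots)
        self._rehorizon()

    def unstake(self, who, now):
        self._sync(now)
        n, entry = self.stakes.pop(who)
        out = n + rate(n) * (self.paid_slots - entry)
        self.balance -= out
        self.owed -= out
        self.total_rate -= rate(n)
        self._rehorizon()
        return out
```

In this model every change to the total rate moves the horizon, and slots after funded_until accrue nothing, so the amount owed never exceeds the balance. Because N ** 0.75 is concave, two stakes of N/2 earn more per slot than one stake of N, which is why the whitelist check carries security weight.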
Евгений
@ratnik
Hello Vitaliy! Possible vulnerabilities and errors:

- Whitelist Check: Make sure that the isEligible function correctly checks the user's presence in the whitelist. It may be necessary to add a check for the existence of tokens of a specific ERC1155 identifier.

- Minting Security: In the mint function of the ERC-20 contract, ensure that everything is checked for overflow:

```python
self.balances[_to] += _value
self.total_supply += _value
```

  If _value is too large, it could cause an overflow.

- Overflow in Rewards: Check the correctness of calculations in the _unstake function to exclude possible overflows:

```python
totalOut: uint256 = self.stakedAmount[msg.sender] + timeElapsed * returnPerSlot
```

- Zero Address Check: In the transfer function of the ERC-20 contract, add a check for zero addresses:

```python
assert _to != address(0), "Transfer to the zero address"
```

- Time and Blocks Management: In the tests, use the correct methods for managing time and blocks to avoid possible errors when moving timestamps.
0 reply
0 recast
0 reaction