
@dieselc
Last active October 18, 2018 06:12

Issue Severity: Medium

Impact: Stakers' rewards are divided by half or more (worst-case scenario).

"Medium severity issue. 200,000 CLO (~0,442 BTC) for finding security vulnerabilities and bugs, that could not be directly exploited but can affect contracts in some specific circumstances and can cause a loss of funds for a certain stakers."

Audited contract commit hash: 244ed1d2c3fe39d3a65d9e901a2812c3364b7c28

Scenario:

  • Staker X stakes at time T.
  • Staker X's claim is made more than 27 days after the first start_staking call.

Issue:

If the claim is made, in the worst-case scenario, 27+26 days after the first stake request:

  • _StakerWeight will represent only the staker's weight for the first 27 days.
  • TotalStakingWeight will represent the total weight over the 27+26 days. Assuming 0% growth of the total staked amount since the 27th day, the real reward will be divided by half; any higher growth will reduce the reward further.

This issue affects all stakers who wait longer than the claim period. Other scenarios can cause the same issue; the one presented is just one case.

Solution

Calculate the whole staking weight of a staker including the whole staking period.
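
The arithmetic behind the scenario, as an added example that is not code from the audited contract. It assumes a simplified model in which weight is amount × days and the reward is pool × staker weight / total weight; the function names, the pool size and the stake amounts are hypothetical.

```python
from fractions import Fraction

ROUND_DAYS = 27   # claim period from the finding
LATE_DAYS = 26    # extra days waited in the worst case (27+26)

def daily_totals(base_total, growth_after_round):
    """Total staked per day: flat for the first round, then scaled by (1 + growth)."""
    later = base_total * (1 + Fraction(growth_after_round))
    return [Fraction(base_total)] * ROUND_DAYS + [later] * LATE_DAYS

def reward(pool, amount, totals, credited_days):
    """Staker's share of the pool under the assumed model."""
    staker_weight = amount * credited_days   # assumption: weight = amount x days
    total_weight = sum(totals)               # accumulated over every elapsed day
    return Fraction(pool) * staker_weight / total_weight

def compare(pool, amount, base_total, growth_after_round=0):
    """Return (reward as described in the issue, reward with full-period weight)."""
    totals = daily_totals(base_total, growth_after_round)
    reported = reward(pool, amount, totals, ROUND_DAYS)   # first 27 days only
    full = reward(pool, amount, totals, len(totals))      # whole 27+26 days
    return reported, full

if __name__ == "__main__":
    # Constructed sample values: pool of 1000, staker X holds 100 of 1000 staked.
    for growth in (0, Fraction(1, 2)):
        reported, full = compare(1000, 100, 1000, growth)
        print(f"growth={float(growth):.0%} reported={float(reported):.2f} "
              f"full-period={float(full):.2f} ratio={float(reported / full):.3f}")
```

With 0% growth the staker receives 27/53 of the full-period reward, which is the "divided by half" case; growth in the total stake after day 27 lowers the payout further.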

Callisto Address

0x582121f1f16d1df3483a0c49650f4416aaf6e52d
