Submission Details
Impact:
Likelihood:
Stakers will receive 1e18 less CRED than expected
Author Revealed upon completion
Root + Impact
Description
The protocol implements a staking mechanics. Users can stake their rappers and will earn CRED per full day staked. However, the reward is only 1 unit of CRED, which is unexpectedly low.
// streets::unstake
@> if (days_staked >= 1) { cred_token::mint(module_owner, staker_addr, 1); };
@> if (days_staked >= 2) { cred_token::mint(module_owner, staker_addr, 1); };
@> if (days_staked >= 3) { cred_token::mint(module_owner, staker_addr, 1); };
@> if (days_staked >= 4) { cred_token::mint(module_owner, staker_addr, 1); };
Risk
Likelihood:
Happens every time a user unstakes a rapper after at least 1 day of staking
Impact:
Users receive 1e8 less CRED than expected
Recommended Mitigation
- if (days_staked >= 1) { cred_token::mint(module_owner, staker_addr, 1); };
- if (days_staked >= 2) { cred_token::mint(module_owner, staker_addr, 1); };
- if (days_staked >= 3) { cred_token::mint(module_owner, staker_addr, 1); };
- if (days_staked >= 4) { cred_token::mint(module_owner, staker_addr, 1); };
+ if (days_staked >= 1) { cred_token::mint(module_owner, staker_addr, 100000000); };
+ if (days_staked >= 2) { cred_token::mint(module_owner, staker_addr, 100000000); };
+ if (days_staked >= 3) { cred_token::mint(module_owner, staker_addr, 100000000); };
+ if (days_staked >= 4) { cred_token::mint(module_owner, staker_addr, 100000000); };
Rewards breakdown
nSLOC
436This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.