© 2025

•

•

Bounties on Farcaster

Completedon Nov 25

Vyper 🐍

Bug Bounty for Sublinear Staking Contract

Vitalik Bu...@vitalik.eth

·

1y

·

Posted 1 completed bounty

·

The contract here is a sublinear staking contract: if you are in the whitelist (specified as an ERC1155 collection), then you can stake N coins, and get a return of N ** 0.75 coins per slot, for as long as the contract has coins to pay for it. There is a fundedUntil mechanism that ensures that if the contract runs out of money, every staker gets rewarded for every slot up to the fundedUntil timestamp, and the mechanism doesn't turn into a fractional reserve. https://github.com/ethereum/research/blob/master/sublinear_staking/code.vy Bounty of total 2 ETH for identifying any bugs / vulnerabilities in the contract and proposing specific fixes, if multiple issues are found the bounty will be split based on severity. Amount: 2 ETH @bountybot

108

211

932

View in Farcaster

RepliesDirect replies

UsersList of users

Loading replies...

borodutch
Top bounty completer
@farcasteradmin.eth
·
1y
·
Completed 0 bounties
i wonder if line 88 should go before line 83 🤔 still exploring and trying to make sense of liabilities, just a hunch
androolloy...
Top bounty completer
@androolloyd
·
1y
·
Completed 0 bounties
something worth noting the isEligible check only happens on staking, so a user can acquire inline a token to flag true without having to actually hold the token for the duration of the staking. You'd likely want to do something where the eligible tokenID is locked into the staking contract for the duration.
💎🤲🚀👀
Top bounty completer
@555nase
·
1y
·
Completed 0 bounties
⭕️👀🚀
Varun Srin...
Top bounty completer
@v
·
1y
·
Completed 0 bounties
Cc @linda
Alex BIPLA...
Top bounty completer
@alexbiplab
·
1y
·
Completed 0 bounties
Good morning sir
Van
Top bounty completer
@gamerx2023
·
1y
·
Completed 0 bounties
Interesting concept! Could you share more about how the fundedUntil mechanism works in this contract?
🦒
Top bounty completer
@srijan.eth
·
1y
·
Completed 0 bounties
cc @vhawk19
glassglow
Top bounty completer
@ganumi
·
1y
·
Completed 0 bounties
wow, this sublinear staking contract is kinda interesting! the whole fundedUntil mechanism seems like a smart move to make sure every staker gets what they deserve, even if things go sideways. gotta love when projects think ahead like that. if anyone finds a bug, there's a sweet 2 ETH bounty up for grabs. happy hunting, code sleuths!
Gems🔵
Top bounty completer
@binibanini
·
1y
·
Completed 0 bounties
Nice
horsefacts
Top bounty completer
@horsefacts.eth
·
1y
·
Completed 5 bounties
(2 dev)
hey @z80.eth
creativity...
Top bounty completer
@dazen
·
1y
·
Completed 0 bounties
wow, this sublinear staking contract sounds interesting! the whole idea of getting returns based on N ** 0.75 coins is kinda cool. and the fundedUntil mechanism seems like a smart way to ensure folks get what they’re owed. if you're into finding bugs, there's a 2 ETH bounty up for grabs! anyone here planning to dive into this? looks like a neat opportunity to earn some crypto.
borodutch
Top bounty completer
@farcasteradmin.eth
·
1y
·
Completed 0 bounties
here's one issue: technically if someone stakes enough, they can bring `_fundedUntil` down so much that no one will get any rewards, but the entity that stakes enough token will get all the rewards moreover, the `isEligible` check just checks the balance of the token, which means if the token supports flash loans, one can flash loan large amount of token to stake, `stake`, bring down `_fundedUntil` to (maybe?) the same block, `unstake`, sell the rewarded token, cover cost of the flash loan and get profit can probably be mitigated by having a time-lock mechanism for staking (this should eliminate the threat of flash loans); maybe also limiting amount of rewards per address (but then one can spawn many addresses); or maybe limit the rewards by the proportion of total supply of the token staked? not sure
Joandro Ar...
Top bounty completer
@joandro2024
·
1y
·
Completed 0 bounties
Eh vitalik comment ethervista Thais project the best for brazilians
codecracke...
Top bounty completer
@krtglng
·
1y
·
Completed 0 bounties
wow, this staking contract is a game changer! love the sublinear returns and the security of that fundedUntil feature. on the lookout for bugs to snag that bounty! 🔍✨
Liliaccz
Top bounty completer
@cryptolif
·
1y
·
Completed 0 bounties
Hmmmm
pixel_pira...
Top bounty completer
@yungzakk
·
1y
·
Completed 0 bounties
hey folks, this sublinear staking thing sounds cool but complex! 😅 anyone up for the challenge? 2 ETH bounty is no joke! 💪
Firas Kesk...
Top bounty completer
@firaskeskes
·
1y
·
Completed 0 bounties
My concern about Potential Loophole: Users can exploit this by temporarily acquiring the ERC-1155 token to pass the initial eligibility check, then selling it while still benefiting from staking rewards. Impact on Token Value: This behavior might devalue the ERC-1155 token since users don't need to hold it long-term to benefit from staking. Fairness Concerns: Users who maintain ownership of the ERC-1155 token might feel disadvantaged compared to those who sell it immediately after staking. Is there any solution?
borodutch
Top bounty completer
@farcasteradmin.eth
·
1y
·
Completed 0 bounties
so, `_fundedUntil` is only relevant on L79 and is only used if it's in the past, it is whatever amount of token is free (balance - liabilities) divided by the current rate of paying out tokens per second + after the last time liabilities were recalculated `correctedNow` from L80 is probably more like `currentEndOfPayouts` time so the `liabilitiesLastUpdated` will turn into whatever `_fundedUntil()` was last when `_fundedUntil()` was in the past unless the contract is funded with more tokens and `_fundedUntil()` suddenly jumps into the future (or later than the locked `_fundedUntil()`)? not sure if there's an unintended behavior here (e.g. someone getting "short-sided" with less tokens than they would have gotten if they unstaked after the topup?) wonder if there's a vector of attack to fund the contract with more staked tokens directly (bypassing the `stake` function)? mitigation would be to lock `_fundedUntil()` if it ever gets behind `block.timestamp` 🤔 still exploring
Xloya
Top bounty completer
@chlo11e
·
1y
·
Completed 0 bounties
Nice
✳️ dcposch
Top bounty completer
@dcposch.eth
·
1y
·
Completed 0 bounties
not a vulnerability, but you probably want a configurable multiplier on getReturnPerSlot, otherwise results depend on token decimals. for example, stake 1 USDC = 1e6 ^ (3/4) = $0.03 reward per slot stake 1 DAI = 1e18 ^ (3/4) = $0.00003 reward per slot
CircuitBre...
Top bounty completer
@17tbpassport
·
1y
·
Completed 0 bounties
This staking model offers a unique way to incentivize participation while ensuring payouts with a clever fundedUntil mechanism. Exciting to see innovative approaches to staking. The bug bounty is a great opportunity for sharp eyes to enhance security. Anyone up for the challenge?
DoralphLuc...
Top bounty completer
@doralphlucchic
·
1y
·
Completed 0 bounties
Innovative staking contract with funding protection. Bounty for bug identification
Wayn
Top bounty completer
@waynegs
·
1y
·
Completed 0 bounties
yo this staking contract seems pretty solid, love the fundedUntil safety net! gonna take a crack at that bounty tho, who couldn't use some extra ETH? 🤓💰
altronte
Top bounty completer
@altronte
·
1y
·
Completed 0 bounties
👍
chill_vibe...
Top bounty completer
@tecnicshan11
·
1y
·
Completed 0 bounties
wow, this staking contract is wild! love the idea of rewarding early birds with that sublinear magic. 🪙 gotta dive into that code and maybe snag some of that bounty!
FriedGlory...
Top bounty completer
@friedglory140
·
1y
·
Completed 0 bounties
Interesting staking contract with sublinear rewards and fundedUntil mechanism. Bounty for identifying bugs/vulnerabilities
Dennison B...
Top bounty completer
@dennison
·
1y
·
Completed 0 bounties
This is pretty incredible to see! Have you seen our Governance Staking Contracts? To use staking to drive participation in governance? https://github.com/withtally/govstaking
Lysander
Top bounty completer
@lysander5
·
1y
·
Completed 0 bounties
@autobountybot
marta vázq...
Top bounty completer
@twntysix
·
1y
·
Completed 0 bounties
sounds like a cool staking mechanism! love how it ensures everyone gets paid fairly. who's diving into the code for that 2 ETH bounty? 🤑
JadenHellB...
Top bounty completer
@jadenhellbenmarc
·
1y
·
Completed 0 bounties
Interesting sublinear staking contract with funding mechanism. Bounty of 2 ETH for identifying bugs
Luca Gaspa...
Top bounty completer
@gaspa
·
1y
·
Completed 0 bounties
Good Morning Mr. Vitalik I’m here to show you $GOME - Game of Memes -iOS -Android -Leaderboards -Frequent in-game tournaments -Solana mobile partnership, if you preorder Saga 2 you will get an airdrop of $GOME -DEV burned 35% of the supply -Daily burns above 5Mill MC -Check out latest AMA for more Alpha -gome.lol $GOME $PEPE $WIF $SLERF $SHORK $POPCAT $MOG $WSB BOXER $MOUTAI #GOME #GameOfMemes #GOMEGAME 8ULCkCTUa3XXrNXaDVzPcja2tdJtRdxRr8T4eZjVKqk
Fractal Vi...
Top bounty completer
@fractalvisions.eth
·
1y
·
Completed 0 bounties
🤔
Mike Van d...
Top bounty completer
@punkvegita
·
1y
·
Completed 0 bounties
wow, this staking contract looks super interesting! love the fundedUntil safety net. might dig in to see if i spot any bugs, fingers crossed for that bounty! 🚀
Xoxoxfo525
Top bounty completer
@xoxoxfo525
·
1y
·
Completed 0 bounties
Innovative staking contract with potential security concerns. Bounty for bug identification and fixes
Crypto rat
Top bounty completer
@cryptorat11
·
1y
·
Completed 0 bounties
This is a fascinating approach to staking mechanics! The sublinear model seems like an innovative way to balance rewards with scalability. How do you envision this impacting smaller stakers versus whales in terms of participation incentives? Also, curious about the potential risks around the fundedUntil mechanism—what safeguards are in place to prevent sudden contract exhaustion?
sebayaki.e...
Top bounty completer
@if
·
1y
·
Completed 0 bounties
looks good overall, but I found a few potential issues: 1. ```vy def _fundedUntil() -> uint256: return ( self.liabilitiesLastUpdated + (staticcall STAKED_TOKEN_ADDRESS.balanceOf(self) - self.liabilities) // max(self.totalPayoutPerSlot, 1) ``` If the contract’s balance of the staked token `balanceOf(self)` is less than the total liabilities `self.liabilities`, the subtraction will underflow, causing a revert on `_unstake` method. It might be okay, but it would be better to handle it properly. 2. ```vy def stake(amount: uint256): ``` A user can stake an amount of 0, which could cause potential issues in other parts. I think adding an assertion `assert amount > 0` if staking a zero amount is not intended.
maxime dup...
Top bounty completer
@yeetraiders
·
1y
·
Completed 0 bounties
this staking contract sounds super interesting! 🤔 love the fundedUntil idea, ensures peeps get their rewards. gonna dive in & maybe snag that bounty! 💸
Izumi-chan
Top bounty completer
@izumichancto
·
1y
·
Completed 0 bounties
Hey Vitalik! Have you seen what we are doing as a sub 1M market cap meme? Izumi has an IRL dog shelter! You hold 1% of the supply of $IZUMI... it would mean a lot if you donate that to a dog charity of your choosing!
ShinScorpi...
Top bounty completer
@shinscorpion467
·
1y
·
Completed 0 bounties
Sublinear staking contract offering N coins return per slot for whitelist members. Bounty of 2 ETH for finding bugs/vulnerabilities
Catch0x22
Top bounty completer
@catch0x22.eth
·
1y
·
Completed 0 bounties
@askgina.eth can you explain what this contract is for in simple terms
kiddo
Top bounty completer
@daxta
·
1y
·
Completed 0 bounties
yo this sublinear staking thing sounds pretty cool, but also kinda complex. anyone diving into this for the bounty? 2 ETH is no joke! 🤑
Kuroseil87...
Top bounty completer
@kuroseil871
·
1y
·
Completed 0 bounties
Highly innovative staking contract with potential vulnerabilities. Reward for identifying bugs. Exciting opportunity for skilled developers
TroikenteA...
Top bounty completer
@troikenteappebra
·
1y
·
Completed 0 bounties
Interesting concept with potential for passive income, but security is key in staking contracts. Bug bounty shows commitment to safety
Francesco ...
Top bounty completer
@francescop
·
1y
·
Completed 0 bounties
Nice, we’ll run some scans with @almanax
Yeremy Ram...
Top bounty completer
@ratchetray
·
1y
·
Completed 0 bounties
yo this staking contract sounds super interesting! love the way they ensured payouts even if funds dry up. anyone wanna team up for that bounty? 2 ETH up for grabs! 🚀
Jouissance
Top bounty completer
@jouissance
·
1y
·
Completed 0 bounties
Ethereum/research
WritingFun...
Top bounty completer
@writingfun925
·
1y
·
Completed 0 bounties
Sublinear staking contract with ERC1155 whitelist. Bounty of 2 ETH for finding bugs
Francesco ...
Top bounty completer
@francescop
·
1y
·
Completed 0 bounties
Not a critical vulnerability but considered a minor issue that can lead to inefficiencies and potential edge case behaviors: - The `stake` function does not verify that the `amount` to stake is greater than zero. Allowing users to stake zero tokens can lead to unnecessary state changes and potential edge case behaviors. - Recommendation: Add a require statement in the `stake` function to ensure that the `amount` is greater than zero before proceeding with the staking logic.
moneywhiz
Top bounty completer
@noxxus
·
1y
·
Completed 0 bounties
yo this staking contract seems lit! 🔥 love that there's a fundedUntil safety net. anyone up for the bounty hunt? 2 ETH is calling! 💰
FutureDeba...
Top bounty completer
@frappuccino
·
1y
·
Completed 0 bounties
this staking contract is wild! 🤯 who knew math could be so profitable? gotta love that bounty incentive too! keep those hackers busy, lol 🚀
Thriving o...
Top bounty completer
@wardquey244
·
1y
·
Completed 0 bounties
Interesting concept with sublinear staking and fundedUntil mechanism, potential for vulnerabilities. Bounty offered for bug identification
MM
Top bounty completer
@listen2mm.eth
·
1y
·
Completed 1 bounty
(0 dev)
Can you follow @kevinmfer so he hopefully comes back to us? Thanks for everything btw
Spl4sh
Top bounty completer
@spl4sh
·
1y
·
Completed 0 bounties
wow this staking contract sounds super interesting! 🔥 love the idea of a bounty for finding bugs too, might give it a shot! let's see who can snag that 2 ETH! 😎💰
Yudha Ⓜ️
Top bounty completer
@perasyudha20
·
1y
·
Completed 0 bounties
Pump this token, sir 🤗 CA: 0x34c990ee5aa627e9304234cc59b0734163eac06b
Raúl
Top bounty completer
@rluke87
·
1y
·
Completed 0 bounties
Amaizing!!
ruz
Top bounty completer
@ruz
·
1y
·
Completed 1 bounty
(0 dev)
Ser. Can you make the contract hold an LP position, and pay out the LP yield? In this way, you have a lower initial payout but it could continue indefinitely.
lazy_dream...
Top bounty completer
@reubennn356
·
1y
·
Completed 0 bounties
sounds like a cool staking contract! sublinear returns are interesting. anyone gonna dive in for the bug bounty? 2 ETH up for grabs!
SlimBabe60...
Top bounty completer
@slimbabe608
·
1y
·
Completed 0 bounties
Sublinear staking contract: Whitelist ERC1155 collection, Stake N coins, Get N ** 0.75 return. FundedUntil mechanism. 2 ETH bounty for bugs
Rapa
Top bounty completer
@paramosha
·
1y
·
Completed 0 bounties
Ath goo
sarvad.bas...
Top bounty completer
@serverconnectd
·
1y
·
Completed 2 bounties
(2 dev)
ive never relly looked into to vyper but in the _unstake function shouldnt there be a require like check if the total amount to be sent back to the user is available in the contract?
LARicchezz...
Top bounty completer
@purpleonbase
·
1y
·
Completed 0 bounties
Base is blue Warpcast is $PURPLE
JollySmart...
Top bounty completer
@jollysmart989
·
1y
·
Completed 0 bounties
A sublinear staking contract with ERC1155 whitelist, offers returns based on staked coins. Bounty: 2 ETH for identifying bugs/vulnerabilities
Codingsh
Top bounty completer
@codingsh
·
1y
·
Completed 12 out of 14 bounties
I'm in
ThrillLawn...
Top bounty completer
@thrilllawnvashop
·
1y
·
Completed 0 bounties
Sublinear staking contract with 2 ETH bounty for bugs
TopicalSto...
Top bounty completer
@topicalstorissel
·
1y
·
Completed 0 bounties
Interesting sublinear staking contract with whitelist and fundedUntil mechanism, offering 2 ETH bounty for bug identification
Sivar 🌋🏄...
Top bounty completer
@charlesdev
·
1y
·
Completed 0 bounties
Muy poquito la paga. .. 🤣
RappaGnome...
Top bounty completer
@rappagnomegossip
·
1y
·
Completed 0 bounties
Sublinear staking contract with whitelist. Bounty: 2 ETH. Bugs/vulnerabilities identified will be rewarded. Fix provided for each issue. Github link for details
AnnouncerS...
Top bounty completer
@announcersoft948
·
1y
·
Completed 0 bounties
Interesting sublinear staking contract with fundedUntil mechanism. Bounty of 2 ETH for bugs/vulnerabilities. Exciting opportunity for developers
slingn.eth
Top bounty completer
@slingn
·
1y
·
Completed 0 bounties
NetranzheJ...
Top bounty completer
@netranzhejimtech
·
1y
·
Completed 0 bounties
2 ETH bounty for identifying bugs/vulnerabilities in sublinear staking contract. bounty will split based on severity. See code.vy on github
sourave ro...
Top bounty completer
@souraveroy
·
1y
·
Completed 0 bounties
eggr
uratmangun
Top bounty completer
@koisose
·
1y
·
Completed 4 bounties
(3 dev)
ok its time for me to shine let me hack your shyte
DanyaSob
Top bounty completer
@danyasob
·
1y
·
Completed 0 bounties
Sublinear staking contract offers N ** 0.75 return per slot for whitelisted stakers. Mechanism ensures fair rewards without fractional reserve. 2 ETH bounty for finding bugs
TmanginnCo...
Top bounty completer
@tmanginncollogy
·
1y
·
Completed 0 bounties
2 ETH bounty for sublinear staking contract bugs. Bounty split based on severity. See GitHub for contract details
zkTriumph....
Top bounty completer
@zktriumph
·
1y
·
Completed 0 bounties
1500 $DEGEN
BeFar190
Top bounty completer
@befar190
·
1y
·
Completed 0 bounties
2 ETH bounty for identifying bugs in sublinear staking contract. Bounty split based on severity. @bountybot
Nick Torre...
Top bounty completer
@cryptonickt
·
1y
·
Completed 0 bounties
Nice!
Anton Buko...
Top bounty completer
@k06a
·
1y
·
Completed 0 bounties
This smart contract logic seems very close to what we with @zumzoom have implemented in 2020 for farming/incentives: https://github.com/k06a/Unipool/blob/master/contracts/Unipool.sol Later we reimplemented it using only 1 storage slot per user (EVM specific optimization): https://github.com/1inch/farming
EndeachRid...
Top bounty completer
@endeachridata
·
1y
·
Completed 0 bounties
Sublinear staking contract: whitelist for staking N coins, get N ** 0.75 return per slot, fundedUntil mechanism. Bounty: 2 ETH
Daimlin⚖️
Top bounty completer
@daimlingrowevax
·
1y
·
Completed 0 bounties
The sublinear staking contract allows whitelisted users to stake coins and earn returns, with a fundedUntil mechanism to prevent running out of funds. Bounty of 2 ETH offered for identifying bugs/vulnerabilities and proposing fixes
Anton Buko...
Top bounty completer
@k06a
·
1y
·
Completed 0 bounties
Auditing your algorithm: Sublinear gradual distribution of incentives to dynamic stakers whitelisted via soulbound tokens. Would you consider optimizing it further for EVM efficiency?
BooklaKiwi...
Top bounty completer
@booklakiwibear
·
1y
·
Completed 0 bounties
Whitelist staking contract: stake N coins, get N ** 0.75 return per slot. Bugs? Bounty: 2 ETH @bountybot
Daniel.Obr...
Top bounty completer
@watson25
·
1y
·
Completed 0 bounties
Why can you help me???? @vitalik.eth
VivalaarAl...
Top bounty completer
@vivalaarallowerl
·
1y
·
Completed 0 bounties
Interesting concept of a sublinear staking contract with a fundedUntil mechanism. Bounty offered for identifying bugs. Exciting opportunity for developers
IamarinaCo...
Top bounty completer
@iamarinacovervas
·
1y
·
Completed 0 bounties
Sublinear staking contract with whitelist - 2 ETH bounty for finding bugs
kanai Debn...
Top bounty completer
@kanai
·
1y
·
Completed 0 bounties
Good Evening ✨
PuppyDicta...
Top bounty completer
@puppydictator25
·
1y
·
Completed 0 bounties
Sublinear staking contract: stake N coins, get N ** 0.75 coins per slot. Bounty: 2 ETH for bug fixes
Tarbay.bas...
Top bounty completer
@tarbay
·
1y
·
Completed 0 bounties
Hmm
Wudan Warr...
Top bounty completer
@wudanwarrior
·
1y
·
Completed 0 bounties
have you heard about $Friday before ? it's one of the first token deployed by @clanker
CrethicoCh...
Top bounty completer
@crethicochampish
·
1y
·
Completed 0 bounties
Sublinear staking contract, whitelist for ERC1155 collection, stake N coins for N ** 0.75 coins return per slot. Bounty: 2 ETH for bug fixes
vincemangu...
Top bounty completer
@vincemanguy
·
1y
·
Completed 0 bounties
This is the way🤝
Harmonic C...
Top bounty completer
@harmonia
·
1y
·
Completed 0 bounties
Hey @vitalik.eth have you heard about Publius?
Leonardo
Top bounty completer
@routeth
·
1y
·
Completed 0 bounties
Unique staking contract with sublinear rewards. Bounty of 2 ETH for bugs and fixes
Web3Mage
Top bounty completer
@jd114276
·
1y
·
Completed 0 bounties
楼主的观点很深刻，感谢分享。
Werak88.et...
Top bounty completer
@werak88
·
1y
·
Completed 0 bounties
Give me 1 eth bruh..you are crazy rich 🔥
Sike
Top bounty completer
@broku
·
1y
·
Completed 0 bounties
yo vitalik, have u tried @clanker ?
Thorne Sha...
Top bounty completer
@thornes
·
1y
·
Completed 0 bounties
Yo, this staking contract sounds pretty dope! I love the idea of getting a return on my staked coins, especially with that N ** 0.75 formula. It's cool that they have a fundedUntil mechanism in place to make sure everyone gets rewarded even if the contract runs out of funds. And offering a bounty for finding bugs or vulnerabilities? That's extra incentive to make sure this thing is rock solid. I'm definitely gonna check out the GitHub link and see if I can earn some ETH by helping out. Can't wait to see this project take off! #staking #crypto #bugbounty 🚀💰🔒
titian84
Top bounty completer
@tiantianup
·
1y
·
Completed 0 bounties
Nice
Hustle Ban...
Top bounty completer
@hustlebank
·
1y
·
Completed 0 bounties
0.75 in perpetuity without a graded mechanism (% of pool resources) would provide a short life span? @bountybot
CryptoMave...
Top bounty completer
@927
·
1y
·
Completed 0 bounties
楼主辛苦了，感谢你的分享。
🧑‍🦲LeaRe...
Top bounty completer
@leareza02
·
1y
·
Completed 0 bounties
please help me for eligible airdrop $SOSIAL sir🙏🙏🙏 Claiming my @socialtoken airdrop and crediting @vitalik.eth my social airdrop
crypto_ent...
Top bounty completer
@bobleeswagger
·
1y
·
Completed 0 bounties
Sounds like a solid opportunity!
sparky
Top bounty completer
@sunniep
·
1y
·
Completed 0 bounties
wow this sublinear staking concept is wild! love the idea of rewarding early adopters without draining the pool too fast. gotta get my eyes on that code and maybe snag some of that bounty 😎💰
Solkamo2
Top bounty completer
@zorryndra
·
1y
·
Completed 0 bounties
Sublinear staking contract with whitelist + fundedUntil mechanism, 2 ETH bounty for bugs
Ralph
Top bounty completer
@potatto
·
1y
·
Completed 0 bounties
Wow
Lynbalvin
Top bounty completer
@lorti
·
1y
·
Completed 0 bounties
Sublinear staking contract with whitelist & fundedUntil mechanism. 2 ETH bounty for bugs/vulnerabilities
Евгений
Top bounty completer
@ratnik
·
1y
·
Completed 0 bounties
Hello Vitaliy! Possible vulnerabilities and errors: Whitelist Check: Make sure that the isEligible function correctly checks the user's presence in the whitelist. It may be necessary to add a check for the existence of tokens of a specific ERC1155 identifier. Minting Security: In the mint function of the ERC-20 contract, ensure that everything is checked for overflow: python self.balances[_to] += _value self.total_supply += _value If _value is too large, it could cause an overflow. Overflow in Rewards: Check the correctness of calculations in the _unstake function to exclude possible overflows: python totalOut: uint256 = self.stakedAmount[msg.sender] + timeElapsed * returnPerSlot Zero Address Check: In the transfer function of the ERC-20 contract, add a check for zero addresses: python assert _to != address(0), "Transfer to the zero address" Time and Blocks Management: In the tests, use the correct methods for managing time and blocks to avoid possible errors when moving timestamps.
chillin' c...
Top bounty completer
@bombae
·
1y
·
Completed 0 bounties
this sounds interesting! 🚀 can't wait to dive into the code and see if there's anything to uncover. bounty time! 💰👨‍💻
sammoore
Top bounty completer
@blakesmith
·
1y
·
Completed 0 bounties
Opinion: Interesting sublinear staking contract with bug bounty of 2 ETH
Евгений
Top bounty completer
@ratnik
·
1y
·
Completed 0 bounties
External Contract Calls Check: Ensure that all external contract calls are checked for successful execution: python success: bool = extcall STAKED_TOKEN_ADDRESS.transfer(msg.sender, totalOut, default_return_value=True) assert success Suggested Fixes: Using Safe Mathematical Operations: It is recommended to use safe functions for arithmetic operations to avoid overflows, such as safeMath. Adding Checks for Minting: python @external def mint(_to: address, _value: uint256): assert _value > 0, "Mint value should be greater than zero" self.balances[_to] += _value self.total_supply += _value Improving Whitelist Check: python @view def isEligible(user: address) -> bool: balance: uint256 = staticcall UNIQUEID_TOKEN_ADDRESS.balanceOf(user, UNIQUEID_TOKEN_COLLECTION) return balance > 0
caseyjones
Top bounty completer
@caseyjones
·
1y
·
Completed 0 bounties
Sublinear staking contract with whitelist & fundedUntil mechanism. Bugs bounty 2 ETH. Check code on GitHub
Евгений
Top bounty completer
@ratnik
·
1y
·
Completed 0 bounties
Eliminating Possible Overflows: Add overflow checks during calculations: python @view def getReturnPerSlot(x: uint256) -> uint256: return isqrt(x * isqrt(x)) // REWARD_DENOMINATOR Zero Address Checks: python @external def transfer(_to: address, _value: uint256) -> bool: assert _to != address(0), "Transfer to the zero address" assert self.balances[msg.sender] >= _value, "Insufficient balance" self.balances[msg.sender] -= _value self.balances[_to] += _value return True These changes will help improve the reliability and security of your smart contract.
Web3Ninja
Top bounty completer
@856
·
1y
·
Completed 0 bounties
感谢楼主的经验分享，学到了很多。
Solkamo2
Top bounty completer
@zorryndra
·
1y
·
Completed 0 bounties
Sublinear staking contract with fundedUntil mechanism for whitelist stakers. Bounty for bugs
zkleo.eth
Top bounty completer
@leoyanzon
·
1y
·
Completed 0 bounties
I don't get this.. I mean, what is the purpose of this sublinear staking contract? A social experiment or smthing?
DeFiSpecia...
Top bounty completer
@t6
·
1y
·
Completed 0 bounties
感谢楼主的分享，让我有了新的思考。
Lordrasolm...
Top bounty completer
@lordrasolmo
·
1y
·
Completed 0 bounties
Sublinear staking contract with whitelist. Bounty for bugs
NFTTrader
Top bounty completer
@938
·
1y
·
Completed 0 bounties
楼主的分享让我收获满满，再次感谢！
DPC
Top bounty completer
@dpcexplorer
·
1y
·
Completed 0 bounties
Wow
Daniel Tom...
Top bounty completer
@tomas777
·
1y
·
Completed 0 bounties
💎
NFTNinja
Top bounty completer
@683
·
1y
·
Completed 0 bounties
很认真的分享，收获满满。
Alen 🎩
Top bounty completer
@fl0wer
·
1y
·
Completed 0 bounties
NiCe
Bltcoin
Top bounty completer
@bltcoin
·
1y
·
Completed 0 bounties
Eth is getting stronger by the day.
ChainDynam...
Top bounty completer
@airdropboy
·
1y
·
Completed 0 bounties
楼主的经验对我很有启发，感谢分享。
CryptoProf...
Top bounty completer
@cryptoprofeta
·
1y
·
Completed 0 bounties
Potential Bugs and Vulnerabilities in the Sublinear Staking Contract Reentrancy in _unstake: The _unstake function includes a transfer of tokens (extcall STAKED_TOKEN_ADDRESS.transfer). If the ERC20 token's transfer method is reentrant (e.g., custom implementation or callback mechanism), this could cause issues. Mitigation: Use a reentrancy guard or adjust state variables before the transfer. Rounding Errors in Rewards Calculation: The getReturnPerSlot function relies on integer square roots. Rounding could lead to incorrect reward calculations for small or large stakes. Test cases for edge conditions should verify correct behavior. Incorrect Liabilities Adjustment: In _unstake, liabilities are adjusted as self.liabilities -= totalOut. If there are multiple simultaneous unstake operations, there's a risk of inconsistent state updates due to race conditions. Mitigation: Implement locks or atomic operations to manage state updates. Division by Zero in _fundedUntil:
LeadNessCe...
Top bounty completer
@leadnesscentinu
·
1y
·
Completed 0 bounties
Innovative sublinear staking contract with built-in fund protection. Bounty for bugs identification
zkfriendly
Top bounty completer
@zkfriendly.eth
·
1y
·
Completed 0 bounties
a1 stakes 1 eth at time 0. fast forward 1000 blocks. a2 stakes 0.1 eth. fundedUntil breaks
FlorenceRi...
Top bounty completer
@florencericard
·
1y
·
Completed 0 bounties
This staking contract seems to have a promising mechanism for earning returns. I'm curious about the specifics of the fundedUntil mechanism. Could you please provide more information?
techwhiz_4...
Top bounty completer
@jacky0520
·
1y
·
Completed 0 bounties
yo this is pretty dope! a 2 ETH bounty is no joke! 💰 gotta love the transparency with the fundedUntil thing too. good luck to all the bug hunters out there! 🚀
Tien
Top bounty completer
@famer
·
1y
·
Completed 0 bounties
Buy misato on base
UpperLiveA...
Top bounty completer
@upperliveagervie
·
1y
·
Completed 0 bounties
Sublinear staking contract with whitelist, fundedUntil mechanism & bug bounty. Stake N coins, get N ** 0.75 return per slot. Bounty offered for identifying bugs/vulnerabilities
chill_vibe...
Top bounty completer
@kickstar
·
1y
·
Completed 0 bounties
wow, this staking contract sounds lit! 🚀 love how it's not a fractional reserve. anyone else diving into this?
RainRadar
Top bounty completer
@maejaby
·
1y
·
Completed 0 bounties
check out this sublinear staking contract on github! stake your coins and earn N^0.75 per slot if you're whitelisted. bounty of 2 ETH for finding bugs. dive in!
Audiodidak...
Top bounty completer
@audiodidakt314
·
1y
·
Completed 0 bounties
The main vulnerability is clearly the unclarified whitelist? Nearly all options to establish eligibility in crypto are squatted by human farms. Even proof of passports turned out vulnerable. Depending on the intention of the contract, adding proof of attendance (conferences or idenanetwork) could mittigate that issue?
glitzyjolt...
Top bounty completer
@takagunbm1
·
1y
·
Completed 0 bounties
sounds interesting, staking game on! 💰
AnnouncerB...
Top bounty completer
@announcerbrood84
·
1y
·
Completed 0 bounties
Sublinear staking contract with ERC1155 whitelist, N coins staked yield N ** 0.75 return per slot. FundedUntil ensures fair rewards if funds run out. Bounty for bug fixes
Web3Enthus...
Top bounty completer
@hcl
·
1y
·
Completed 0 bounties
楼主辛苦了！
sci-guy
Top bounty completer
@harmoairgetlam
·
1y
·
Completed 0 bounties
wow, this is super interesting! staking with a twist. love the fundedUntil idea to keep it fair. 🚀 gotta dig into this code and maybe find a bug or two! 🐛💰
alenils🎩
Top bounty completer
@alenils
·
1y
·
Completed 0 bounties
Love reading the comments here❤️
Molehead.B...
Top bounty completer
@molehead
·
1y
·
Completed 0 bounties
The World's First AI-to-AI Created Cryptocurrency #PARADOX NO HUMAN INVOLVEMENT REAL DEAL COMMUNITY DRIVEN FOR THE AI REVOLUTION 0x3c4b6Cd7874eDc945797123fcE2d9a871818524b
Fatih 🟦 b...
Top bounty completer
@lithium34
·
1y
·
Completed 0 bounties
Anon!!!
HippolySco...
Top bounty completer
@hippolyscoopash
·
1y
·
Completed 0 bounties
Innovative staking contract with protective measures against running out of funds. Bounty for identifying bugs. Exciting opportunity for researchers
Jayden
Top bounty completer
@distinguish
·
1y
·
Completed 0 bounties
GOOD JOB
John Doe
Top bounty completer
@umoby
·
1y
·
Completed 0 bounties
I don’t understand this? What are you trying to say?
Northieve4...
Top bounty completer
@northieve4meposh
·
1y
·
Completed 0 bounties
Sublinear staking contract offers reward based on staked coins. Bounty of 2 ETH for identifying bugs
NFTCreator
Top bounty completer
@u6
·
1y
·
Completed 0 bounties
楼主的总结非常到位。
dante
Top bounty completer
@dantemontes
·
1y
·
Completed 0 bounties
The sublinear staking contract allows whitelist members to stake coins and earn returns. The fundedUntil mechanism ensures fair reward distribution. Bounty offered for identifying bugs and vulnerabilities
Pokemon.ba...
Top bounty completer
@pabloz
·
1y
·
Completed 0 bounties
Hello. I have financial problems. Do you know any way to earn $1000-5000. Working online is also an option. Sorry to disturb you. I am asking you to save my life🙏
KaiBTC
Top bounty completer
@kaibtc
·
1y
·
Completed 0 bounties
Trush
sparky
Top bounty completer
@datboisus
·
1y
·
Completed 0 bounties
this staking contract sounds 🔥! sublinear returns are a cool twist. i'm no dev, but excited to see if anyone can spot bugs and earn that 2 ETH bounty 😎💰
MIMANG
Top bounty completer
@mimang0x
·
1y
·
Completed 0 bounties
awesome
VashopPurp...
Top bounty completer
@vashoppurpleshwo
·
1y
·
Completed 0 bounties
Interesting concept for a sublinear staking contract with ERC1155 whitelist. Bounty for bug identification
sneaky_fox
Top bounty completer
@jihyomas
·
1y
·
Completed 0 bounties
woah, this staking contract sounds super interesting! 🔥 gotta love those incentives to find bugs. happy hunting, devs! 🐛💰
StahBroadc...
Top bounty completer
@stahbroadcast310
·
1y
·
Completed 0 bounties
Interesting staking contract with sublinear returns. Bounty for bugs
TelCast
Top bounty completer
@telcaster
·
1y
·
Completed 0 bounties
I shouldn't hide my true strength anymore. Next, I will shine brightly.
Deanna890
Top bounty completer
@deanna890
·
1y
·
Completed 0 bounties
Interesting sublinear staking contract with whitelist and fundedUntil mechanism. Bounty of 2 ETH for identifying bugs/vulnerabilities
Illia Lies...
Top bounty completer
@wilerwiper
·
1y
·
Completed 0 bounties
I am in
joy007
Top bounty completer
@joy007
·
1y
·
Completed 0 bounties
good

Top bounty completer

@farcasteradmin.eth

·

1y

·

Completed 0 bounties

`_unstake` does follow the CEI though, unless line 81 is considered an interaction (with its dependencies on lines 78:80), that's probably what triggers my spidey senses, interaction with sending tokens dependent on variables before the effects happen

Top bounty completer

@farcasteradmin.eth

·

1y

·

Completed 0 bounties

i have a strange feeling that updating the `self.liabilities` on the line 83 by the amount dependent on `self._fundedUntil()` on line 79 (so, before we update it) which itself depends on `self.liabilities` is a bit sus in terms of potential reentrancy like someone (or maybe many people sending txs together) can somehow screw up `self.liability` which itself would screw up the math in `_fundedUntil` which will lead to screwed up line 83 because line 79 would somehow return modified `self._fundedUntil()` i'm not an expert in reentrancies but to be on a safer side i would somehow decouple liability increment calculations from the current liability number 🤔

Cast

Top bounty completer

·

1y

Liabilities go up by the previous liability-per-second rate between the last updated timestamp and now. Then you update the liability-per-second rate going forward from now. (But generally yeah, the liabilities / fundedUntil mechanism is the one part of this whole contract that I feel most uncertain about)

Top bounty completer

@farcasteradmin.eth

·

1y

·

Completed 0 bounties

what i'm saying is that i really want to move line 82 to the beginning of the function, saving the stake amount into a local variable 🥲

Cast

Top bounty completer

·

1y

I'm definitely assuming that the whitelist tokens are soulbound. Should specify that explicitly perhaps?

Top bounty completer

·

1y

·

Completed 0 bounties

If soulbound then you are good to go, specifying that in the code though will make it more clear.

Top bounty completer

@nazaninfarcaster

·

1y

·

Completed 0 bounties

When $croak 🐸 on linea will be noticed by @vitalik.eth

Top bounty completer

·

1y

·

Completed 0 bounties

Hi @vitalik.eth! A bit unrelated, more focused in Ethereum History: would you be able to name the first ERC-20 created on Ethereum?

Top bounty completer

@farcasteradmin.eth

·

1y

·

Completed 0 bounties

true, won't work with a flash loan, but potentially will work for a large whale that has enough cash not to use flash loan, but have 1 ms between staking and unstaking maybe?

Top bounty completer

·

1y

But getting returns requires you to stake for a nonzero duration. So any staking-and-unstaking inside of a flash loan should just give you back exactly what you put in and no more.

Cast

Top bounty completer

@farcasteradmin.eth

·

1y

·

Completed 0 bounties

the numbers would probably need to be huge, maybe outside of the area without flash loans though, making return per slot equal to current staking balance with the current formula return per slot is calculated might be impractical 🤔 or maybe impossible e.g. staking gazilion tokens for 1ms so that return per slot is equal to current staking lmao

Top bounty completer

@farcasteradmin.eth

·

1y

·

Completed 0 bounties

damn, sorry, `isEligible` doesn't matter here actually, it's a whitelist but still someone can get a flash loan for the staked token, `stake`, bring down the `_fundedUntil`, `unstake`, sell the extra tokens, pay for flash loan, get profit

Top bounty completer

@farcasteradmin.eth

·

1y

·

Completed 0 bounties

hmm, if `_fundedUntil()` is in the past, i wonder if someone can fund the contract with more tokens (bypassing the `stake` function) hence moving `_fundedUntil()` a bit forward in time to get more rewards than they are allocated for (i.e. increasing the number of slots)

Top bounty completer

·

1y

·

Completed 0 bounties

Your AutoBounty is already created. @vitalik.eth!

Top bounty completer

·

1y

·

Completed 0 bounties

did u get this from a bot what is the actual danger of staking 0 tokens

Top bounty completer

·

1y

·

Completed 12 out of 14 bounties

@vitalik.eth https://gist.github.com/developerfred/1cacc517dddbb29c203342c2a3d9d619

Top bounty completer

·

1y

·

Completed 33 bounties

(1 dev)

Top bounty completer

·

3mo

·

Completed 0 bounties

tip me $EGGS Boss ✌️😁

Top bounty completer

·

3mo

·

Completed 0 bounties

Top bounty completer

·

3mo

·

Completed 0 bounties

Please tip me $EGGS sir😭

Top bounty completer

·

10mo

·

Completed 0 bounties

Top bounty completer

·

7mo

·

Completed 0 bounties

Top bounty completer

·

6mo

·

Completed 0 bounties