curvefi / curve-dao-contracts Goto Github PK
View Code? Open in Web Editor NEWVyper contracts to be used by Curve DAO
License: MIT License
curve-dao-contracts's People
Contributors
Stargazers
Watchers
Forkers
joerlop amadeobrands fxfactorial zhoudaqing jakobp phibosgit macor161 transferdeer punkstable-protocol emlazzarin semenka yshssh guardian939 moonytrade whirlfi victorleejw alsco77 sudorandomdegen shengda pythonpete32 lzhou1110 lurium cdyfng chenzhijie sunker0115 syndicatefinance forest-friends lushan1314 samwerner demmojo banteg skellet0r jrushslo iamdefinitelyahuman yurivin developerfred bill-clippy vagrant1991 0xrs daonow unidentifiedcustomer asafsilman curvefi-clone tandelov sharedstake-dev meanking iconationdevteam alorehermit oishun1112 benber86 creamfi thanzou stonegithubs btcbotter mahadao ethernautas shibacrypt equilibrium-eosdt buffal0bill jimmy-openlev everblake cryptowhaler mobiusamm terrasolstice victaphu onebuc tatekim wongyoohoo chudnov echovl 0xchani beefmaster aaron-benson jacobdmn gwalen tapired weber77 ecocommunity-dao mutephil aqualisdao artat9 cinquemb wanglonghong future-2022 bout3fiddy spark8899 beedaoteam matthewlilley shibuidao cortexdao pynchmeister jeff-vrh 0xrake m-adrees jackg-eth saadmajeed26 pakchu tok1t4n1k0 whybangbang akirab1n4r1curve-dao-contracts's Issues
revoked smart contract right with SmartWalletWhitelist doesn't propagate to the rewards booster
senario :
- SmartWalletWhitelist contract approved
- booster applied
- SmartWalletWhitelist contract revoked
- booster is still applied
Problems deploying on Eth mainnet
Hi respectful Curve team and community. I try to reuse VotingEscrow contract with some changes and we already deployed it successfully on BSC and Rinkeby, but on Ethereum main net deploy fails with code 0x0.
Transaction 0x745fc97de84dca7ce65fd86af6b9bfba1f552d1b5c2266c02bc4339a3fa63608 has failed with status: 0x0. Gas used: 313223. Revert reason: 'execution reverted'
We thought the contract size might be an issue and I reduced it, but it does not help. If it is possible to get your consultation, please help. I also attach the customized code of your contract that we are using.
----------------------Contract code-----------------
# @version 0.2.12
"""
@title Voting Escrow
@author Curve Finance & Polars.io
@license MIT
@notice Votes have a weight depending on time, so that users are
committed to the future of (whatever they are voting for)
@dev Vote weight decays linearly over time. Lock time cannot be
more than `MAXTIME` (4 years).
"""
# Voting escrow to have time-weighted votes
# Votes have a weight depending on time, so that users are committed
# to the future of (whatever they are voting for).
# The weight in this implementation is linear, and lock cannot be more than maxtime:
# w ^
# 1 + /
# | /
# | /
# | /
# |/
# 0 +--------+------> time
# maxtime (4 years?)
struct Point:
bias: int128
slope: int128 # - dweight / dt
ts: uint256
blk: uint256 # block
# We cannot really do block numbers per se b/c slope is per time, not per block
# and per block could be fairly bad b/c Ethereum changes blocktimes.
# What we can do is to extrapolate ***At functions
struct LockedBalance:
amount: int128
end: uint256
interface ERC20:
def decimals() -> uint256: view
def name() -> String[64]: view
def symbol() -> String[32]: view
def transfer(to: address, amount: uint256) -> bool: nonpayable
def transferFrom(spender: address, to: address, amount: uint256) -> bool: nonpayable
# Interface for checking whether address belongs to a whitelisted
# type of a smart wallet.
# When new types are added - the whole contract is changed
# The check() method is modifying to be able to use caching
# for individual wallet addresses
interface SmartWalletChecker:
def check(addr: address) -> bool: nonpayable
DEPOSIT_FOR_TYPE: constant(int128) = 0
CREATE_LOCK_TYPE: constant(int128) = 1
INCREASE_LOCK_AMOUNT: constant(int128) = 2
INCREASE_UNLOCK_TIME: constant(int128) = 3
event Deposit:
provider: indexed(address)
value: uint256
locktime: indexed(uint256)
type: int128
ts: uint256
event Withdraw:
provider: indexed(address)
value: uint256
ts: uint256
event Supply:
prevSupply: uint256
supply: uint256
WEEK: constant(uint256) = 7 * 86400 # all future times are rounded by week
MAXTIME: constant(uint256) = 4 * 365 * 86400 # 4 years
MULTIPLIER: constant(uint256) = 10 ** 18
token: public(address)
supply: public(uint256)
locked: public(HashMap[address, LockedBalance])
epoch: public(uint256)
point_history: public(Point[100000000000000000000000000000]) # epoch -> unsigned point
user_point_history: public(HashMap[address, Point[1000000000]]) # user -> Point[user_epoch]
user_point_epoch: public(HashMap[address, uint256])
slope_changes: public(HashMap[uint256, int128]) # time -> signed slope change
# Aragon's view methods for compatibility
controller: public(address)
transfersEnabled: public(bool)
name: public(String[64])
symbol: public(String[32])
version: public(String[32])
decimals: public(uint256)
# Checker for whitelisted (smart contract) wallets which are allowed to deposit
# The goal is to prevent tokenizing the escrow
future_smart_wallet_checker: public(address)
smart_wallet_checker: public(address)
@external
def __init__(token_addr: address, _name: String[64], _symbol: String[32], _version: String[32]):
"""
@notice Contract constructor
@param token_addr `ERC20CRV` token address
@param _name Token name
@param _symbol Token symbol
@param _version Contract version - required for Aragon compatibility
"""
self.token = token_addr
self.point_history[0].blk = block.number
self.point_history[0].ts = block.timestamp
self.controller = msg.sender
self.transfersEnabled = True
_decimals: uint256 = ERC20(token_addr).decimals()
assert _decimals <= 255
self.decimals = _decimals
self.name = _name
self.symbol = _symbol
self.version = _version
@external
@view
def get_last_user_slope(addr: address) -> int128:
"""
@notice Get the most recently recorded rate of voting power decrease for `addr`
@param addr Address of the user wallet
@return Value of the slope
"""
uepoch: uint256 = self.user_point_epoch[addr]
return self.user_point_history[addr][uepoch].slope
@external
@view
def user_point_history__ts(_addr: address, _idx: uint256) -> uint256:
"""
@notice Get the timestamp for checkpoint `_idx` for `_addr`
@param _addr User wallet address
@param _idx User epoch number
@return Epoch time of the checkpoint
"""
return self.user_point_history[_addr][_idx].ts
@external
@view
def locked__end(_addr: address) -> uint256:
"""
@notice Get timestamp when `_addr`'s lock finishes
@param _addr User wallet
@return Epoch time of the lock end
"""
return self.locked[_addr].end
@internal
def _checkpoint(addr: address, old_locked: LockedBalance, new_locked: LockedBalance):
"""
@notice Record global and per-user data to checkpoint
@param addr User's wallet address. No user checkpoint if 0x0
@param old_locked Pevious locked amount / end lock time for the user
@param new_locked New locked amount / end lock time for the user
"""
u_old: Point = empty(Point)
u_new: Point = empty(Point)
old_dslope: int128 = 0
new_dslope: int128 = 0
_epoch: uint256 = self.epoch
if addr != ZERO_ADDRESS:
# Calculate slopes and biases
# Kept at zero when they have to
if old_locked.end > block.timestamp and old_locked.amount > 0:
u_old.slope = old_locked.amount / MAXTIME
u_old.bias = u_old.slope * convert(old_locked.end - block.timestamp, int128)
if new_locked.end > block.timestamp and new_locked.amount > 0:
u_new.slope = new_locked.amount / MAXTIME
u_new.bias = u_new.slope * convert(new_locked.end - block.timestamp, int128)
# Read values of scheduled changes in the slope
# old_locked.end can be in the past and in the future
# new_locked.end can ONLY by in the FUTURE unless everything expired: than zeros
old_dslope = self.slope_changes[old_locked.end]
if new_locked.end != 0:
if new_locked.end == old_locked.end:
new_dslope = old_dslope
else:
new_dslope = self.slope_changes[new_locked.end]
last_point: Point = Point({bias: 0, slope: 0, ts: block.timestamp, blk: block.number})
if _epoch > 0:
last_point = self.point_history[_epoch]
last_checkpoint: uint256 = last_point.ts
# initial_last_point is used for extrapolation to calculate block number
# (approximately, for *At methods) and save them
# as we cannot figure that out exactly from inside the contract
initial_last_point: Point = last_point
block_slope: uint256 = 0 # dblock/dt
if block.timestamp > last_point.ts:
block_slope = MULTIPLIER * (block.number - last_point.blk) / (block.timestamp - last_point.ts)
# If last point is already recorded in this block, slope=0
# But that's ok b/c we know the block in such case
# Go over weeks to fill history and calculate what the current point is
t_i: uint256 = (last_checkpoint / WEEK) * WEEK
for i in range(255):
# Hopefully it won't happen that this won't get used in 5 years!
# If it does, users will be able to withdraw but vote weight will be broken
t_i += WEEK
d_slope: int128 = 0
if t_i > block.timestamp:
t_i = block.timestamp
else:
d_slope = self.slope_changes[t_i]
last_point.bias -= last_point.slope * convert(t_i - last_checkpoint, int128)
last_point.slope += d_slope
if last_point.bias < 0: # This can happen
last_point.bias = 0
if last_point.slope < 0: # This cannot happen - just in case
last_point.slope = 0
last_checkpoint = t_i
last_point.ts = t_i
last_point.blk = initial_last_point.blk + block_slope * (t_i - initial_last_point.ts) / MULTIPLIER
_epoch += 1
if t_i == block.timestamp:
last_point.blk = block.number
break
else:
self.point_history[_epoch] = last_point
self.epoch = _epoch
# Now point_history is filled until t=now
if addr != ZERO_ADDRESS:
# If last point was in this block, the slope change has been applied already
# But in such case we have 0 slope(s)
last_point.slope += (u_new.slope - u_old.slope)
last_point.bias += (u_new.bias - u_old.bias)
if last_point.slope < 0:
last_point.slope = 0
if last_point.bias < 0:
last_point.bias = 0
# Record the changed point into history
self.point_history[_epoch] = last_point
if addr != ZERO_ADDRESS:
# Schedule the slope changes (slope is going down)
# We subtract new_user_slope from [new_locked.end]
# and add old_user_slope to [old_locked.end]
if old_locked.end > block.timestamp:
# old_dslope was <something> - u_old.slope, so we cancel that
old_dslope += u_old.slope
if new_locked.end == old_locked.end:
old_dslope -= u_new.slope # It was a new deposit, not extension
self.slope_changes[old_locked.end] = old_dslope
if new_locked.end > block.timestamp:
if new_locked.end > old_locked.end:
new_dslope -= u_new.slope # old slope disappeared at this point
self.slope_changes[new_locked.end] = new_dslope
# else: we recorded it already in old_dslope
# Now handle user history
user_epoch: uint256 = self.user_point_epoch[addr] + 1
self.user_point_epoch[addr] = user_epoch
u_new.ts = block.timestamp
u_new.blk = block.number
self.user_point_history[addr][user_epoch] = u_new
@internal
def _deposit_for(_addr: address, _value: uint256, unlock_time: uint256, locked_balance: LockedBalance, type: int128):
"""
@notice Deposit and lock tokens for a user
@param _addr User's wallet address
@param _value Amount to deposit
@param unlock_time New time when to unlock the tokens, or 0 if unchanged
@param locked_balance Previous locked amount / timestamp
"""
_locked: LockedBalance = locked_balance
supply_before: uint256 = self.supply
self.supply = supply_before + _value
old_locked: LockedBalance = _locked
# Adding to existing lock, or if a lock is expired - creating a new one
_locked.amount += convert(_value, int128)
if unlock_time != 0:
_locked.end = unlock_time
self.locked[_addr] = _locked
# Possibilities:
# Both old_locked.end could be current or expired (>/< block.timestamp)
# value == 0 (extend lock) or value > 0 (add to lock or extend lock)
# _locked.end > block.timestamp (always)
self._checkpoint(_addr, old_locked, _locked)
if _value != 0:
assert ERC20(self.token).transferFrom(_addr, self, _value)
log Deposit(_addr, _value, _locked.end, type, block.timestamp)
log Supply(supply_before, supply_before + _value)
@internal
def _passive_deposit_for(_addr: address, _value: uint256, unlock_time: uint256, locked_balance: LockedBalance, type: int128):
"""
@notice Deposit and lock tokens for a user
@param _addr User's wallet address
@param _value Amount to deposit
@param unlock_time New time when to unlock the tokens, or 0 if unchanged
@param locked_balance Previous locked amount / timestamp
"""
_locked: LockedBalance = locked_balance
supply_before: uint256 = self.supply
self.supply = supply_before + _value
old_locked: LockedBalance = _locked
# Adding to existing lock, or if a lock is expired - creating a new one
_locked.amount += convert(_value, int128)
if unlock_time != 0:
_locked.end = unlock_time
self.locked[_addr] = _locked
# Possibilities:
# Both old_locked.end could be current or expired (>/< block.timestamp)
# value == 0 (extend lock) or value > 0 (add to lock or extend lock)
# _locked.end > block.timestamp (always)
self._checkpoint(_addr, old_locked, _locked)
log Deposit(_addr, _value, _locked.end, type, block.timestamp)
log Supply(supply_before, supply_before + _value)
@external
def checkpoint():
"""
@notice Record global data to checkpoint
"""
self._checkpoint(ZERO_ADDRESS, empty(LockedBalance), empty(LockedBalance))
@external
@nonreentrant('lock')
def deposit_for(_addr: address, _value: uint256):
"""
@notice Deposit `_value` tokens for `_addr` and add to the lock
@dev Anyone (even a smart contract) can deposit for someone else, but
cannot extend their locktime and deposit for a brand new user
@param _addr User's wallet address
@param _value Amount to add to user's lock
"""
_locked: LockedBalance = self.locked[_addr]
assert _value > 0 # dev: need non-zero value
assert _locked.amount > 0, "No existing lock found"
assert _locked.end > block.timestamp, "Cannot add to expired lock. Withdraw"
self._deposit_for(_addr, _value, 0, self.locked[_addr], DEPOSIT_FOR_TYPE)
@external
@nonreentrant('lock')
def create_lock(_value: uint256, _unlock_time: uint256):
"""
@notice Deposit `_value` tokens for `msg.sender` and lock until `_unlock_time`
@param _value Amount to deposit
@param _unlock_time Epoch time when tokens unlock, rounded down to whole weeks
"""
if msg.sender != tx.origin:
raise "Smart contract depositors not allowed"
unlock_time: uint256 = (_unlock_time / WEEK) * WEEK # Locktime is rounded down to weeks
_locked: LockedBalance = self.locked[msg.sender]
assert _value > 0 # dev: need non-zero value
assert _locked.amount == 0, "Withdraw old tokens first"
assert unlock_time > block.timestamp, "Can only lock until time in the future"
assert unlock_time <= block.timestamp + MAXTIME, "Voting lock can be 4 years max"
self._deposit_for(msg.sender, _value, unlock_time, _locked, CREATE_LOCK_TYPE)
@external
@nonreentrant('lock')
def create_lock_for_origin(_value: uint256, _unlock_time: uint256):
"""
@notice Deposit `_value` tokens for `tx.origin` and lock until `_unlock_time`
@param _value Amount to deposit
@param _unlock_time Epoch time when tokens unlock, rounded down to whole weeks
"""
assert self.crowdsale == msg.sender, "Sender should be crowdsale"
unlock_time: uint256 = (_unlock_time / WEEK) * WEEK # Locktime is rounded down to weeks
_locked: LockedBalance = self.locked[tx.origin]
assert _value > 0 # dev: need non-zero value
assert _locked.amount == 0, "Withdraw old tokens first"
assert unlock_time > block.timestamp, "Can only lock until time in the future"
assert unlock_time <= block.timestamp + MAXTIME, "Voting lock can be 4 years max"
self._passive_deposit_for(tx.origin, _value, unlock_time, _locked, CREATE_LOCK_TYPE)
@external
@nonreentrant('lock')
def increase_amount(_value: uint256):
"""
@notice Deposit `_value` additional tokens for `msg.sender`
without modifying the unlock time
@param _value Amount of tokens to deposit and add to the lock
"""
_locked: LockedBalance = self.locked[msg.sender]
assert _value > 0 # dev: need non-zero value
assert _locked.amount > 0, "No existing lock found"
assert _locked.end > block.timestamp, "Cannot add to expired lock. Withdraw"
self._deposit_for(msg.sender, _value, 0, _locked, INCREASE_LOCK_AMOUNT)
@external
@nonreentrant('lock')
def increase_unlock_time(_unlock_time: uint256):
"""
@notice Extend the unlock time for `msg.sender` to `_unlock_time`
@param _unlock_time New epoch time for unlocking
"""
_locked: LockedBalance = self.locked[msg.sender]
unlock_time: uint256 = (_unlock_time / WEEK) * WEEK # Locktime is rounded down to weeks
assert _locked.end > block.timestamp, "Lock expired"
assert _locked.amount > 0, "Nothing is locked"
assert unlock_time > _locked.end, "Can only increase lock duration"
assert unlock_time <= block.timestamp + MAXTIME, "Voting lock can be 4 years max"
self._deposit_for(msg.sender, 0, unlock_time, _locked, INCREASE_UNLOCK_TIME)
@external
@nonreentrant('lock')
def withdraw():
"""
@notice Withdraw all tokens for `msg.sender`
@dev Only possible if the lock has expired
"""
_locked: LockedBalance = self.locked[msg.sender]
assert block.timestamp >= _locked.end, "The lock didn't expire"
value: uint256 = convert(_locked.amount, uint256)
old_locked: LockedBalance = _locked
_locked.end = 0
_locked.amount = 0
self.locked[msg.sender] = _locked
supply_before: uint256 = self.supply
self.supply = supply_before - value
# old_locked can have either expired <= timestamp or zero end
# _locked has only 0 end
# Both can have >= 0 amount
self._checkpoint(msg.sender, old_locked, _locked)
assert ERC20(self.token).transfer(msg.sender, value)
log Withdraw(msg.sender, value, block.timestamp)
log Supply(supply_before, supply_before - value)
# The following ERC20/minime-compatible methods are not real balanceOf and supply!
# They measure the weights for the purpose of voting, so they don't represent
# real coins.
@external
@view
def find_block_epoch(_block: uint256, max_epoch: uint256) -> uint256:
"""
@notice Binary search to estimate timestamp for block number
@param _block Block to find
@param max_epoch Don't go beyond this epoch
@return Approximate timestamp for block
"""
# Binary search
_min: uint256 = 0
_max: uint256 = max_epoch
for i in range(128): # Will be always enough for 128-bit numbers
if _min >= _max:
break
_mid: uint256 = (_min + _max + 1) / 2
if self.point_history[_mid].blk <= _block:
_min = _mid
else:
_max = _mid - 1
return _min
crowdsale: public(address)
@external
def changeCrowdsale(_newCrowdsale: address):
assert msg.sender == self.controller, "Caller should be controller"
self.crowdsale = _newCrowdsale
Total supply of CRV is unlimited
curve-dao-contracts/contracts/ERC20CRV.vy
Lines 112 to 113 in 3bee979
When the inflation rate drops to 0, _update_mining_parameters() will update the inflation rate to initial_rate.
It happens in the 246th year. The inflation rate will repeat again and again.
-
Missing arguments on deploy_dao script
I'm trying to deploy the contracts on a local forked network, and at some point of the process some of the contracts fail to deploy because they are missing some required arguments.
Expected behaviour
After executing
brownie run scripts/deployment/deploy_dao.py development --network mainnet-fork
should run through all the required transactions and end up successfully with all contracts deployed.
Actual behaviour
When executing
brownie run scripts/deployment/deploy_dao.py development --network mainnet-fork
it fails at with
File "brownie/_cli/run.py", line 50, in main
return_value, frame = run(
File "brownie/project/scripts.py", line 103, in run
return_value = f_locals[method_name](*args, **kwargs)
File "./scripts/deployment/deploy_dao.py", line 70, in development
deploy_part_two(accounts[0], token, voting_escrow)
File "./scripts/deployment/deploy_dao.py", line 101, in deploy_part_two
pool_proxy = PoolProxy.deploy({"from": admin, "required_confs": confs})
File "brownie/network/contract.py", line 528, in __call__
return tx["from"].deploy(
File "brownie/network/account.py", line 509, in deploy
data = contract.deploy.encode_input(*args)
File "brownie/network/contract.py", line 557, in encode_input
data = format_input(self.abi, args)
File "brownie/convert/normalize.py", line 20, in format_input
raise type(e)(f"{abi['name']} {e}") from None
ValueError: constructor Sequence has incorrect length, expected 3 but got 0
If I add the required arguments on the required line, then the error changes to:
File "brownie/_cli/run.py", line 50, in main
return_value, frame = run(
File "brownie/project/scripts.py", line 103, in run
return_value = f_locals[method_name](*args, **kwargs)
File "./scripts/deployment/deploy_dao.py", line 70, in development
deploy_part_two(accounts[0], token, voting_escrow)
File "./scripts/deployment/deploy_dao.py", line 115, in deploy_part_two
gauge = LiquidityGauge.deploy(lp_token, minter, {"from": admin, "required_confs": confs})
File "brownie/network/contract.py", line 528, in __call__
return tx["from"].deploy(
File "brownie/network/account.py", line 509, in deploy
data = contract.deploy.encode_input(*args)
File "brownie/network/contract.py", line 557, in encode_input
data = format_input(self.abi, args)
File "brownie/convert/normalize.py", line 20, in format_input
raise type(e)(f"{abi['name']} {e}") from None
ValueError: constructor Sequence has incorrect length, expected 3 but got 2
Which I could solve adding admin as the third argument on this line.
So finally the last error was:
File "brownie/_cli/run.py", line 50, in main
return_value, frame = run(
File "brownie/project/scripts.py", line 103, in run
return_value = f_locals[method_name](*args, **kwargs)
File "./scripts/deployment/deploy_dao.py", line 70, in development
deploy_part_two(accounts[0], token, voting_escrow)
File "./scripts/deployment/deploy_dao.py", line 120, in deploy_part_two
gauge = LiquidityGaugeReward.deploy(
File "brownie/network/contract.py", line 528, in __call__
return tx["from"].deploy(
File "brownie/network/account.py", line 509, in deploy
data = contract.deploy.encode_input(*args)
File "brownie/network/contract.py", line 557, in encode_input
data = format_input(self.abi, args)
File "brownie/convert/normalize.py", line 20, in format_input
raise type(e)(f"{abi['name']} {e}") from None
ValueError: constructor Sequence has incorrect length, expected 5 but got 4
Which I had to fix by adding admin as a 5th argument on this contract instantiation.
After those changes, the deploy went well. :)
Steps to reproduce
brownie run scripts/deployment/deploy_dao.py development --network mainnet-fork
I would create a PR, but I'm not sure that the arguments I set on those contracts are the ones that really have to be cos I didnt used the contracts after deployment. Specially the PoolProxy one.
Is it possible the scripts are outdated?
AttributeError: Contract 'AppProxyUpgradeable' object has no attribute 'execute'
when I'm running brownie run voting/new_vote make_vote --network mainnet -I this will get thrown inside the make_vote function. Are the ABIs not the correct ones or what could cause this issue?
README math not rendering nicely
the doc readme LaTeX doesn't render properly
Was wondering if the readme could be linked in as a jupyter notebook (which does) or implement a solution like this
https://gist.github.com/a-rodin/fef3f543412d6e1ec5b6cf55bf197d7b
to make readability easier
Etherscan API Key is missing?
when I run the new_vote.py script it throws cause it doesn't have an etherscan API key.
The question is where to put that?
minor - brownie test stops on some some naming conflicts
Run
brownie test
Breacks with error, massage see below
Workaround
Just run sub-test directly
brownie test tests/unitary
brownie test tests/integration
Recommendation
Just remove brownie test from README.txt
Errors
======================ERRORS ===================
tests/unitary/FeeDistribution/test_fee_distribution.py
imported module 'test_fee_distribution' has this file attribute:
/curve/curve-dao-contracts_py3.8_sqlite/tests/fork/Burners/test_fee_distribution.py
which is not the same as the test file we want to collect:
/curve/curve-dao-contracts_py3.8_sqlite/tests/unitary/FeeDistribution/test_fee_distribution.py
HINT: remove pycache / .pyc files and/or use a unique basename for your test file modules
Wrong integer assigned to year
WEEK: constant(uint256) = 7 * 86400 # all future times are rounded by week
MAXTIME: constant(uint256) = 4 * **365** * 86400 # 4 years
MULTIPLIER: constant(uint256) = 10 ** 18
year = 365.25 days
Gauge admin can add faulty reward tokens
On LiquidityGaugeV5, the add_reward function does not check that _distributor is not the zero address. This is important, because the gauge assumes reward tokens with a zero distributor are uninitialized (i.e. not added to the gauge).
A zero distributor means that deposit_reward_token will not be callable, nor can this situation be fixed using set_reward_distributor. Additionally, the admin would then be able to add the same reward token again to the gauge, since add_reward only checks for the current distributor to be unset.
This is not a security concern due to the following:
- if the reward token is only added once, no rewards will be able to be issued for it, and the gauge will behave as if the distributor never sent any tokens
- if the reward token is added multiple times, the internal accounting will not be broken since all reward tokens are fully processed before moving on to the next one (see e.g.
_checkpoint_rewards)
This does result in extra gas being used by all users, and one (or more) of the 8 reward token slots being forever burned.
The proposed fix is to simply check that _distributor is not the zero address in add_reward. From what I've seen, this issue is not present just on the V5 gauge but also all past gauges. Care should be taken to not add a reward token with a zero distributor in these.
How do you enforce non-contract calls?
Your docs state that
The account which locks the tokens cannot be a smart contract (because can be tradable and/or tokenized), unless it is one of whitelisted smart contracts (for example, widely used multi-signature wallets).
How do you want to enforce that though in a way that cannot be cheated by technical means (e.g. constructor calls)?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.