aurora-is-near / aurora-staking-contracts Goto Github PK
View Code? Open in Web Editor NEWAurora staking contracts
Aurora staking contracts
Other recommendations:
Make cancelStreamProposal not available for active stream (isActive == true) and make stream.schedule.time[0] verification for cancelStreamProposal strict: stream.schedule.time[0] < block.timestamp.
_JetStakingV1: function validateStreamParameters().
Currently, the start of rewards schedule must be greater than current block.timestamp(Validation on Line 1095), thus, it is possible to pass scheduleTimes[0] with low difference with current timestamp, so that the creator of stream will not have enough time to activate the stream.
Recommendation. Add a minimum period of time between scheduleTimes[0] and block.timestamp to make sure the stream creator has enough time to activate the stream.
Creating this role would result in separation of the respective functionality from the other admin functions.
Why in the initialize
function there's no transfer of AURORA tokens for the default stream?
Originally posted by @alexauroradev in #2 (comment)
I was researching on the auto compounding mechanisms on the Aurora Staking Contract. What I understand is the staking service increases total staked aurora, so the newer participants will have lower shares of the aurora's staked, resulting in something of auto compounding.
My question is this: The Math is quite subtle to understand, so I do not really know if I am correct. I just wanted some points on how exactly Auto Compounding works, plus could you provide me to some codes that does this.
According to the documentation, stake
, unstake
, unstakeAll
, stakeOnBehalfOfOtherUsers
, stakeOnBehalfOfAnotherUser
functions should claim rewards if the selected user has actual staking.
Mentioned validation should be implemented to prevent human factors. Contract: JetStakingV1
Functions: initialize, updateTreasury, stake, unstake, unstakeAll, stakeOnBehalfOfOtherUsers, stakeOnBehalfOfAnotherUser
Recommendation: implement these checks.
one month
one day
.JetStakingV1: function _validateStreamParameters().
Parameter “tau” should be validated in order not to be equal to extremely big values, due to which users won’t be able to withdraw their pending rewards.
Recommendation.
Consider v0.8.7
for deployment
endIndex
is required to be not smaller than startIndex
Not addressing this will mean that most likely any off-chain tool requires to be aware of this really deep details! I understand the main reason not to do it are gas limitations.
Can you share difference in benchmark with refunding vs without refunding.
Originally posted by @mfornet in #90 (comment)
To prevent the significant impact of the previous admin, it is better to revoke all actual roles on ownership transfer. Checks in transferOwnership can be bypassed with the functions in AccessControlUpgradeable.
The function transferOwnership tries to make sure that there is only one user with the admin role, and its address is also stored in the admin field. However, this is trivially bypassed using the function grantRole in AccessControlUpgradeable.
So far the process has to be checked manually due to the false positive issues. This need to be enhanced by annotating the false positive and allow avoiding them in CI.
By @paouvrard
I think maxDepositAmount can be removed as it is redundant with scheduleRewards[0], or equality must be checked if we want to make things more explicit.
Update the stream life cycle to support the following features:
in this function rewardsSchedule
we can use memory to store Schedule
as it does not update the storage. This is optional and if done, there should there should be test cases for max array values stored in the struct. Recommending it as this function is used in other external functions and would reduce gas cost if memory variable is used.
Originally posted by @UrAvgDeveloper in #173 (comment)
LGTM with minor comments. For the CLAIM_ROLE and AIRDROP_ROLE, we will need several keys to have these roles (10 ?) so that the airdrop script can process requests in parallel. Should we use
_setRoleAdmin
to setup these keys separately or also grant these roles in the deployment ?
We can call grantRole()
separately to add as many keys as we want. I will prepare that in a separate PR for the hardhat tasks.
Originally posted by @0x3bfc in #89 (comment)
Schedule of the stream must be a descending function, and this should be checked.
Though this issue is not that big, since the streams are proposed by DEFAULT_ADMIN
only.
Good point, like a percentage of the maxDepositAmount
?
Originally posted by @paouvrard in #90 (comment)
Currently, cancelStreamProposal
can be called for active streams and this would result in payment from the staking contract AURORA tokens.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.