| SIP | Title | Author | Status | Track | Created |
| --- | --- | --- | --- | --- | --- |
| 0063 | Fix Staking Bug to Prevent Reverting Delegated Voting Power | Tyrone Johnson (@tjcloa) | Ready for vote | Contract | 2023-05-26 |

SIP-0063: Fix Staking Bug to Prevent Reverting Delegated Voting Power

Description

The Staking contract has been paused to prevent malicious use of the information disclosed by this SIP.

If approved, this proposal will upgrade the StakingStakeModule contract to an implementation that fixes the bug.

Details

A security researcher has reported a bug through Sovryn's Immunefi bug bounty program. The bug allows any address to revert any delegated voting power back to the delegator's address by staking any amount to the delegator's address. We have reproduced the bug and confirmed this is unintended behavior.

Fix

Add a conditional check to fix the vulnerability.
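
The behaviour described under Details can be stated as an invariant and checked before and after a fix. The following is an added example, not Sovryn's contract code or the change in the linked PR: a toy Python model in which the `Staking` class, the `check_caller` switch, the address names and the rule that a missing delegatee defaults to the staker are all assumptions made for illustration.

```python
# Toy model constructed for illustration; not the StakingStakeModule source.
class Staking:
    def __init__(self, check_caller):
        self.check_caller = check_caller  # True = model with a conditional check
        self.stakes = {}      # staker -> staked amount
        self.delegates = {}   # staker -> address holding the staker's voting power

    def stake(self, sender, amount, stake_for=None, delegatee=None):
        if amount <= 0:
            raise ValueError("amount must be positive")
        stake_for = stake_for or sender
        current = self.delegates.get(stake_for)
        if self.check_caller and sender != stake_for and current is not None:
            # Conditional check: a third party only adds funds to the stake,
            # the staker's existing delegation is left untouched.
            delegatee = current
        elif delegatee is None:
            # Assumed defaulting rule: no delegatee given means self-delegation.
            delegatee = stake_for
        self.stakes[stake_for] = self.stakes.get(stake_for, 0) + amount
        self.delegates[stake_for] = delegatee

    def voting_power(self, addr):
        return sum(a for s, a in self.stakes.items() if self.delegates[s] == addr)


def third_party_stake_preserves_delegation(staking):
    """Invariant: a stake made by an unrelated address must not move voting power."""
    staking.stake("alice", 1000, delegatee="bob")    # alice delegates to bob
    before = staking.voting_power("bob")
    staking.stake("mallory", 1, stake_for="alice")   # unrelated address stakes for alice
    return (staking.delegates["alice"] == "bob"
            and staking.voting_power("bob") >= before)


def owner_can_still_redelegate(staking):
    """The check must not stop a staker from changing their own delegate."""
    staking.stake("alice", 1000, delegatee="bob")
    staking.stake("alice", 1, delegatee="carol")
    return staking.delegates["alice"] == "carol"


if __name__ == "__main__":
    print("without check:", third_party_stake_preserves_delegation(Staking(False)))
    print("with check:   ", third_party_stake_preserves_delegation(Staking(True)))
```

The same two properties, written against the real contract in its own test framework, make a regression test for the upgraded implementation.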

Proposed change

Existing StakingStakeModule contract: 0xdf41bD1F610d0DBe9D990e3eb04fd983777f1966
New StakingStakeModule: 0xDf7224A755a8cf59c6D30ECC1a1efDd83C46EE36
Proposed changes: PR#500

License

Copyright and related rights waived via CC0.