Dev update: Plenty staking contracts v1.1 and APR/APY fix

We will share the full audit report together with an analysis later this week. Besides implementing changes based on the audit, we also fixed a vulnerability pointed out by both @arrijabba and @mycodecrafting. For the changes to take effect, we have deployed new versions of the staking contracts.

Plenty, Jun 8, 2021

All funds SAFU?

Yes, no staked funds were ever at risk. The vulnerability made it possible for a bad actor to call the ‘totalSupply’ or the ‘balance’ view functions and point the ‘callback’ to the ‘stake’ function of the contract. When this happens, the contract does a zero transfer to its own address, which halves the rewards and doubles the totalSupply value. We thank @arrijabba and @mycodecrafting for their help with pointing out this error. You can view the exploit in action on Florence testnet here.
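The accounting failure described above can be reproduced in a small Python model. This is an added example, not Plenty's contract code: the `Token` and `StakingPool` classes, the placeholder address, the sample amounts and the `reject_self_calls` guard (one possible mitigation, not stated in this post) are assumptions.

```python
# Toy model, constructed for illustration; names and values are hypothetical.
POOL = "KT1-pool-placeholder"  # placeholder for the staking contract's own address

class Token:
    """Minimal ledger standing in for the staked token."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class StakingPool:
    def __init__(self, token, reject_self_calls):
        self.token = token
        self.reject_self_calls = reject_self_calls  # assumed mitigation, not from the post
        self.total_supply = 0

    def stake(self, sender, amount):
        if self.reject_self_calls and sender == POOL:
            raise PermissionError("stake called by the pool itself")
        # With sender == POOL this moves tokens from the pool to the pool: net zero.
        self.token.transfer(sender, POOL, amount)
        self.total_supply += amount

    def get_total_supply(self, callback):
        # Callback-style view: the pool is the sender of the call it makes to `callback`.
        callback(POOL, self.total_supply)

    def reward_per_token(self, reward_per_block):
        return reward_per_block * 10**6 // self.total_supply  # fixed-point, 6 decimals

    def accounting_consistent(self):
        # Invariant an off-chain monitor can check: booked stake equals tokens held.
        return self.total_supply == self.token.balances.get(POOL, 0)

def simulate(reject_self_calls):
    token = Token({"alice": 1000})
    pool = StakingPool(token, reject_self_calls)
    pool.stake("alice", 1000)
    before = pool.reward_per_token(50)
    try:
        pool.get_total_supply(pool.stake)  # view callback aimed at the pool's own `stake`
    except PermissionError:
        pass  # on-chain, the failed internal call would revert the whole operation
    return before, pool.reward_per_token(50), pool.total_supply, pool.accounting_consistent()
```

Without the guard, the booked `total_supply` doubles while the pool's token balance stays the same, so the consistency check fails and the per-token reward is cut in half; with the guard, all values are unchanged.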

What now?

We have temporarily paused the pools and farm, so no one can add new stakes anymore. Rewards will keep distributing until block number #1508184 in the old smart contracts, which is approximately until 3 PM GMT June 9th. To enable a smooth transition to the new smart contracts, withdrawal fees are disabled on the old smart contracts. On plentydefi.com you will now see a new functionality: a switch that enables you to view ‘active’ and ‘inactive’ pools and farms. To unstake and harvest from the paused pools and farm just flip the switch on either the pools or farm page. Now change the switch back to ‘active’ and restake!

APR/APY Fix when?

The APR/APY issue in our UI has been fixed. We are using the following formula for the APR:

And for the APY we use this formula:

Sir TVL not showing!

Our first priority was releasing the new smart contracts and enabling users to use them. Unfortunately, there are still some bugs in the UI; luckily, we are still in beta! More UI fixes are coming in the coming days. If you find any bugs, let us know.
