Staking Service & DAO Status Update

This posting provides a summary of the recent update to the Tokamak Network’s TON/WTON staking service and DAO.

Tokamak Network’s Simple Staking Service

In September 2023, during the development of our new staking contract, one of our contract developers, Zena, discovered a zero-day vulnerability in our existing staking contract. Since the discovery, a small task team has worked many hours to find the best way to resolve this vulnerability.

As of October 24th, 2023, the relevant contracts have been upgraded and the existing data has been successfully migrated. Please note that rebuilding the frontend (simple staking and DAO) may take some time.

What has changed?

• Fixed the vulnerability — It is no longer possible for someone to change someone else’s staked balance to 0 (without unstaking themselves).
• Limited functionality of the problematic contract — The old staking contract has been disabled, except for the withdraw function, which is not affected by the zero-day vulnerability.
• Data validation — Multiple data validations were performed to ensure that all users received the correct staking reward during the service upgrade and that no one lost any staked TON.
• Updated UX/UI — In the simple staking service, users can now claim their staking reward easily by using the new “Add to Your Staked” button. This allows them to compound their staking and maximize their staking reward. If you are unstaking, make sure to use this function beforehand to claim any unclaimed staking reward. Otherwise, you may lose it.

“Add to Your Staked” button allows users to compound their staking reward anytime.

• Layer2 name change — The name of the “level19” layer2 has been changed to “level”. See above image.

Moving forward

• Rebuild frontend — Although simple.staking.tokamak.network is open, we need to reintegrate existing features. Until then, only essential features are opened.
• Show historic data — Integrate old contract data into the historic components, such as wallets and transaction history, of the simple staking service.
• Get help — If you are experiencing any issues with the simple staking service, please fill out the Google form. We will respond to you as soon as possible.
• Staking contract upgrade — We are currently working on implementing Fast Withdrawal (FW) in the staking service.
• DAO upgrade— We are working on developing the next version of Tokamak DAO, which will greatly enhance the Tokamak Network ecosystem.

Historic public records

X:

• Post 1: Link
• Post 2: Link
• Post 3: Link
• Post 4: Link

Notion:

• Zero-day vulnerability disclosure and progress
• Temporary guide to withdrawing TON from the old staking contract

List of affected services

Simple staking service:

• Service: simple.staking.tokamak.network
• Contract: https://github.com/tokamak-network/ton-staking-v2

DAO:

• Service: dao.tokamak.network

Members involved in fixing the issue

Operation: Kevin*
Contract: Zena*, Harvey*, Justin*
Service: Jason*, Ale*, Lakmi
Model: Suah*, Ethan*
Community Support: Alex, Max, David
*These members spent many hours fixing these issues.

Tokamak Network & TONStarter

Homepage | Github | Medium |X | Telegram | Discord | Linkedin