Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stake able to plunder the treasury #40

Open
2 tasks
Dead-m0r0z opened this issue Jul 8, 2021 · 3 comments
Open
2 tasks

Stake able to plunder the treasury #40

Dead-m0r0z opened this issue Jul 8, 2021 · 3 comments

Comments

@Dead-m0r0z
Copy link

Describe the bug
An error in the smart contract, leading to incorrect accrual of tokens to the balance..

To Reproduce
Steps to reproduce the behaviour:

  1. Go to ' https://gala.pstake.finance/'
  2. Click on 'UNWRAP'
  3. Click "refresh page" in browser
  4. Go to the Keplr wallet and see that instead of the specified amount, we received x2 (unwrap 5 pAtom> crediting 10 Atom
  5. Sometimes a similar operation can be performed in the opposite direction (wrap 5 Atom> we get 10 pAtom
  6. As far as I understand, this is due to the freezing of the transaction. And the re-transaction is done with faucet.

Expected behaviour
Thus, thanks to this bug, by doing wrap and unwrap, the user can increase his balance indefinitely

Desktop (please complete the following information):

  • OS: [Windows 10]
  • Browser [Google chrome]
  • Version [91.0.4472.124]

Additional context
Also, while participating in the pSTAKE Staking Gala, the following problems were noticed:
1.incorrect display of the values ​​of the Total Unbonding Tokens line
2. Hanging of the site and error of all the leftovers on the site when closing the warning message “This is a test version of pSTAKE. Move only test ATOM and test ETH (ropsten) to get test Pegged ATOM (pATOM) and test Staked ATOM (stkATOM). '
3. Errors when performing the actions 'declare now' and 'deliver'. At first, these operations are performed, and I can see it, but after a while the bet is canceled.

Ethereum address
0xD9E780c02C838C39e71A930e21F552287eA06Bc9

Criticality Assessment
Please pick one:

  • [+] High: An issue that might cause immediate loss of the funds or permanent/severe damage of the protocol state
  • Medium: An issue that might theoretically cause minimal loss of funds damage the protocol state or cause severe user dissatisfaction
  • Low: An issue that might cause user dissatisfaction or minimal failure of the application

Checklist

  • [+] The reported issue is in the scope of the pStake BugBounty program.
  • [+] This issue has not been reported before.
  • [+] The ethereum address filled in is valid.
@kombos
Copy link

kombos commented Aug 30, 2021

hi, this issue was identified and corrected in the Alpha environment where the bug-bounty applies. but to re-confirm, can you provide the comos address that you were using for these transactions?

@Dead-m0r0z
Copy link
Author

Dead-m0r0z commented Aug 30, 2021
edited
Loading

cosmos1lkg4q95nyemae0gkvk4lea78trnurcckqm7plg
This error worked for GALA

@Dead-m0r0z
Copy link
Author

I wrote on Discord that I don't fully understand why my increased staking results were not taken into account when awarding the winners. After all, I did not violate the rules of the competition, since technically I did not translate pAtom from a third-party address, but increased their number due to a bug. In addition, I reported an error that was relevant at that time and could lead to big problems when starting the main network. For many weeks I was confident that I would receive at least some kind of reward for my efforts... (((

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kombos @Dead-m0r0z