Alethea-tech / SmartContracts


AletheaToken.sol and AletheaNoLoss.sol Security Audit #1

Open Alethea-tech opened 4 years ago

Alethea-tech commented 4 years ago

Alethea is aiming to build a decentralized marketplace for AI-generated media. We plan to launch our first product “Meme Pools” very soon, which basically takes the interest generated from a pool of DAI to sponsor the creation of AI-generated memes!

We also plan to mint our token soon. It would be great if any developers can review the smart contracts - your help will ensure the safe creation of the next generation of memes:

Token Contract (Rinkeby)

  1. Uses OpenZeppelin libraries Mintable, Burnable, Pausable, and Detailed

  2. Can only be minted and paused by wallets with minter/pauser roles (which can be given or removed at any time by the owner of the token contract)

  3. An additional functionality was added to the OpenZeppelin MinterRole.sol so that a Cap can be set later on (by minters) to define the maxSupply upon which no more tokens can be minted (team prefers to have the ability to set this later on vs on deployment, thus not going with the Capped standard from OpenZeppelin)

  4. The burning functionality can be used a) by users to burn their own tokens, and b) by smart contracts that have allowance to use certain tokens

Staking Contract (Rinkeby): Allows users to stake their DAI for a custom period of time and receive a custom amount of tokens as a reward while their DAI interest is saved into the smart contract.

  1. Contract owner(s) can update at any time the following variables: tokenRewardAmount, minDAIStakingTime, minDAIStakingAmount - plus the contract addresses for token, dai, and cDai - owner(s) can also call the methods withdrawDAI and withdrawToken to withdraw any dai/tokens available on the contract, plus pauseContract and unPauseContract to pause/unpause interactions with the Staking Contract

  2. Users can call the methods: a) stakeDAI which sends the user's dai to the Compound protocol, a token reward to the user, and cDAI to the smart contract, b) getDAIStakingInfo to get their staking details and variables from the contract, c) unstakeDAI to get their dai plus availableRewards (this will update amountRewarded), and d) claimRewards to withdraw their availableRewards from the Staking Contract (c. and d. can only be called after minDAIStakingTime passes after the last time they staked)

  3. By staking minDAIStakingAmount users get access to a token reward amount immediately and after that they are able to claimRewards every time minDAIStakingTime passes - a stakedTimestamp is saved/updated into the contract to keep track of the last time the user staked and properly calculate availableRewards

  4. The amount of token reward is calculated by dividing a) the amount of dai staked by the user by b) minDAIStakingAmount, and then multiplying the result by c) tokenRewardAmount

  5. The user can increase their dai staked anytime and at that point their available rewards are saved into accumulatedRewards in order to keep an accurate count of availableRewards (since the rewards depend not only on amount but also time staked)
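A reviewer's model of the reward accounting described in items 3 to 5 of the staking contract, added here as an example and not taken from the Alethea contracts: it assumes uint256-style integer math and compares the divide-then-multiply order stated in item 4 with multiply-then-divide. `PERIOD`, `StakingModel`, the two `reward_*` helpers and all values are constructed for illustration.

```python
# Added model of the reward rules in items 3-5 above, using integer math as
# Solidity's uint256 does. Names follow the issue text; the logic and all
# values are constructed assumptions, not the deployed contract's code.
from dataclasses import dataclass

WAD = 10**18             # 18-decimal base unit (DAI uses 18 decimals)
PERIOD = 30 * 24 * 3600  # constructed minDAIStakingTime, in seconds

def reward_div_first(staked, min_amount, reward_amount):
    # Order stated in item 4: divide, then multiply. Floor division drops
    # any part of the stake that is not a whole multiple of min_amount.
    return (staked // min_amount) * reward_amount

def reward_mul_first(staked, min_amount, reward_amount):
    # Same formula with the multiplication first: truncates once, at the end.
    return (staked * reward_amount) // min_amount

@dataclass
class Stake:
    amount: int = 0
    staked_timestamp: int = 0
    accumulated_rewards: int = 0

class StakingModel:
    def __init__(self, min_amount, min_time, reward_amount, reward_fn):
        self.min_amount, self.min_time = min_amount, min_time
        self.reward_amount, self.reward_fn = reward_amount, reward_fn
        self.stakes = {}

    def _rate(self, amount):
        return self.reward_fn(amount, self.min_amount, self.reward_amount)

    def available_rewards(self, user, now):
        s = self.stakes[user]
        periods = (now - s.staked_timestamp) // self.min_time
        return s.accumulated_rewards + periods * self._rate(s.amount)

    def stake(self, user, amount, now):
        s = self.stakes.get(user) or Stake(staked_timestamp=now)
        if s.amount + amount < self.min_amount:
            raise ValueError("below minDAIStakingAmount")
        self.stakes[user] = s
        # Item 5: bank rewards earned at the old amount before it changes.
        s.accumulated_rewards = self.available_rewards(user, now)
        s.amount += amount
        s.staked_timestamp = now   # item 3: time of the last stake
        return self._rate(amount)  # reward granted immediately on staking
```

With a constructed 150 DAI stake, a 100 DAI minimum and a 10-token reward, the divide-first order yields 10 tokens per period and the multiply-first order 15.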

gitcoinbot commented 4 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

This issue now has a funding of 0.7 ETH (94.14 USD @ $134.48/ETH) attached to it as part of the Alethea-tech fund.

gitcoinbot commented 4 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work has been started.

These users each claimed they can complete the work by 1 year, 11 months ago. Please review their action plans below:

1) roundtree-larry has started work.

I will check those contracts and give you the result

2) smyak has started work.

  1. Look at contract source code
  2. Find a security issue
  3. Fix it / make suggestions for improving the code
  4. Profit

3) alita-moore has started work.

1) create a thorough and detailed breakdown of variables, connections, and interactions; 2) verify logic; 3) read line by line to find any potential problems; 4) make fixes with a thorough explanation of reasoning; estimated completion ~1 week

Learn more on the Gitcoin Issue Details page.

gitcoinbot commented 4 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work for 0.7 ETH (92.0 USD @ $131.43/ETH) has been submitted by:

  1. @roundtree-larry
  2. @smyak

@alethea-tech please take a look at the submitted work:

Ryan-Gordon commented 4 years ago

@Alethea-tech What is the latest on this issue? If you still need help let me know and I will apply and perform an audit. Otherwise I think you have two work submissions already.