Phoenix-Protocol-Group / phoenix-contracts

Source code of the smart contracts of the Phoenix DeFi hub DEX protocol
GNU General Public License v3.0

[V-PHX-VUL-018] Soroban storage limitation discourages staking #218

Closed gangov closed 6 months ago

gangov commented 7 months ago

file: contracts/stake/src/storage.rs

location: BondingInfo

Similar to the V-PHX-VUL-008 issue, the stakes vector in a user’s BondingInfo grows with each subsequent bond operation that a user performs. Therefore, each bond operation will become more and more expensive for the user to perform and could eventually exceed the transaction storage limit.

Impact: This impacts the usability of the staking contract and discourages users from having many stakes in the contract.

Recommendation: Since the stake_timestamp of each stake is not checked or used after a stake is created, and the WithdrawAdjustment tracks adjustments based on the time the user performs a bond, the BondingInfo could solely track a user’s total_stake and omit storing all of the user’s individual stake operations.
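The growth described in this finding, as an added example that is not part of the original issue or the project's code: a plain-Rust model (no Soroban SDK calls) of an entry whose `stakes` vector is rewritten on every bond, compared with an entry that keeps only `total_stake`. The byte sizes, the `stake` amount field, the 1024-byte limit and the helper names are assumptions made for illustration.

```rust
// Plain-Rust model of the finding; sizes and limit are assumed, not Soroban's real values.
const STAKE_BYTES: usize = 16 + 8; // assumed: i128 amount + u64 stake_timestamp
const HEADER_BYTES: usize = 16 + 8; // assumed: fixed fields stored beside the vector

#[allow(dead_code)]
struct Stake { stake: i128, stake_timestamp: u64 }

#[derive(Default)]
struct BondingInfo { stakes: Vec<Stake>, total_stake: i128 }

impl BondingInfo {
    /// Approximate encoded size of the stored entry.
    fn entry_bytes(&self) -> usize { HEADER_BYTES + self.stakes.len() * STAKE_BYTES }

    /// One bond: append a stake and rewrite the whole entry.
    /// Ok(bytes written) on success, Err(size that was refused) once the limit is hit.
    fn bond(&mut self, amount: i128, now: u64, limit: usize) -> Result<usize, usize> {
        let next = self.entry_bytes() + STAKE_BYTES;
        if next > limit { return Err(next); }
        self.stakes.push(Stake { stake: amount, stake_timestamp: now });
        self.total_stake += amount;
        Ok(next)
    }
}

/// Bond repeatedly until the limit rejects; returns (bonds accepted, total bytes written).
fn bonds_until_limit(limit: usize) -> (usize, usize) {
    let mut info = BondingInfo::default();
    let (mut count, mut written) = (0usize, 0usize);
    while let Ok(bytes) = info.bond(100, count as u64, limit) {
        count += 1;
        written += bytes; // each bond pays for every earlier stake again
    }
    (count, written)
}

/// Bytes written by the same number of bonds if only total_stake is stored.
fn aggregate_bytes_written(bonds: usize) -> usize { bonds * HEADER_BYTES }

fn main() {
    let limit = 1024; // constructed limit for the demonstration
    let (n, written) = bonds_until_limit(limit);
    println!("vector entry: {n} bonds accepted, {written} bytes written in total");
    println!("total-only entry: {} bytes for the same {n} bonds", aggregate_bytes_written(n));
}
```

Per-bond cost grows linearly with the number of prior stakes, so cumulative bytes written grow quadratically until the limit rejects the next bond.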

ueco-jb commented 6 months ago

This implementation will be modified, but staking timestamps are important.