Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(StakeVault): make unstaking actually work #41

Merged
merged 1 commit into from
Jan 19, 2024
Merged

Conversation

0x-r4bbit
Copy link
Collaborator

Unstaking didn't actually work because it was using transferFrom() on the StakeVault with the from address being the vault itself. This would result in an approval error because the vault isn't creating any approvals to spend its own funds.

The solution is to use transfer instead, or rather safeTransfer using SafeERC20 utilities.

Checklist

Ensure you completed all of the steps below before submitting your pull request:

  • Added natspec comments?
  • Ran forge snapshot?
  • Ran pnpm lint?
  • Ran forge test?
  • Ran pnpm verify?

@3esmit
Copy link
Collaborator

3esmit commented Jan 15, 2024

Indeed, it should use transfer instead of transferFrom in the unstake method.

Why its using these safeTransfer and safeTransferFrom?

@0x-r4bbit
Copy link
Collaborator Author

I've used safeTransfer() over transfer() in case we want to support staking of other ERC20 tokens as well. Given some ERC20 tokens don't behave exactly per spec, safeTransfer is the better choice here.

If we're 100% certain this will only ever be used with SNT that we have designed, then we can also use plain transfer instead.

@3esmit
Copy link
Collaborator

3esmit commented Jan 16, 2024

If the users trust a token that misbehave ERC20 spec, thats user responsability.
If the user stake whatever bad token they want, their staking would be worthless.

I am unsure how that would work, but essentially staking should be over a token that is trusted by the community, in a social setting. If we are willing to babysit the user for this, than why arent we doing it for everything else?

I don't think that using safeTransferFrom and safeTransfer would cause any problem, but I think is a fix that we don't need, or at least, is not part of making unstaking work.

@0x-r4bbit
Copy link
Collaborator Author

I don't think that using safeTransferFrom and safeTransfer would cause any problem, but I think is a fix that we don't need, or at least, is not part of making unstaking work.

Yes, very fair. I considered splitting this up into multiple commits. One that fixes the bug and another one that introduces safeTransfer() for the reason mentioned above. But then I decided to do it in one go.

I will undo this change and rely on plain transfer() instead.

Just so this is on the record, unless we specify the constraints and limits of the system clearly, this would probably be one of the things security auditors will point out as a high or mid.

@0x-r4bbit 0x-r4bbit mentioned this pull request Jan 16, 2024
Unstaking didn't actually work because it was using `transferFrom()` on the
`StakeVault` with the `from` address being the vault itself.
This would result in an approval error because the vault isn't creating
any approvals to spend its own funds.

The solution is to use `transfer` instead and ensuring the return value
is checked.
@0x-r4bbit
Copy link
Collaborator Author

@3esmit I've updated the PR with the following:

  • I've removed SafeERC20 usage
  • safeTransfer and safeTransferFrom are now plain transfer and transferFrom calls
  • Return values of those calls are checked and cause a revert if false
  • Added a test with a broken erc20 that would always return false on transfers

Let me know if this does the job for you

@0x-r4bbit 0x-r4bbit merged commit 74ff357 into develop Jan 19, 2024
7 checks passed
@0x-r4bbit 0x-r4bbit deleted the fix/unstaking branch January 19, 2024 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants