Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERC20 staking prebuilt and extension #286

Merged
merged 6 commits into from
Nov 29, 2022
Merged

ERC20 staking prebuilt and extension #286

merged 6 commits into from
Nov 29, 2022

Conversation

kumaryash90
Copy link
Member

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 28, 2022
View reviewed changes
contracts/extension/Staking20Upgradeable.sol
Comment on lines +136 to +152
function _stake(uint256 _amount) internal virtual {
require(_amount != 0, "Staking 0 tokens");
address _token = token;

if (stakers[msg.sender].amountStaked > 0) {
_updateUnclaimedRewardsForStaker(msg.sender);
} else {
stakersArray.push(msg.sender);
stakers[msg.sender].timeOfLastUpdate = block.timestamp;
}

CurrencyTransferLib.transferCurrency(_token, msg.sender, address(this), _amount);

stakers[msg.sender].amountStaked += _amount;

emit TokensStaked(msg.sender, _amount);
}

Check warning

Code scanning / Slither

Reentrancy vulnerabilities

Reentrancy in Staking20Upgradeable._stake(uint256) (contracts/extension/Staking20Upgradeable.sol#136-152): External calls: - CurrencyTransferLib.transferCurrency(_token,msg.sender,address(this),_amount) (contracts/extension/Staking20Upgradeable.sol#147) State variables written after the call(s): - stakers[msg.sender].amountStaked += _amount (contracts/extension/Staking20Upgradeable.sol#149)
contracts/extension/Staking20.sol
Comment on lines +134 to +150
function _stake(uint256 _amount) internal virtual {
require(_amount != 0, "Staking 0 tokens");
address _token = token;

if (stakers[msg.sender].amountStaked > 0) {
_updateUnclaimedRewardsForStaker(msg.sender);
} else {
stakersArray.push(msg.sender);
stakers[msg.sender].timeOfLastUpdate = block.timestamp;
}

CurrencyTransferLib.transferCurrency(_token, msg.sender, address(this), _amount);

stakers[msg.sender].amountStaked += _amount;

emit TokensStaked(msg.sender, _amount);
}

Check warning

Code scanning / Slither

Reentrancy vulnerabilities

Reentrancy in Staking20._stake(uint256) (contracts/extension/Staking20.sol#134-150): External calls: - CurrencyTransferLib.transferCurrency(_token,msg.sender,address(this),_amount) (contracts/extension/Staking20.sol#145) State variables written after the call(s): - stakers[msg.sender].amountStaked += _amount (contracts/extension/Staking20.sol#147)
contracts/extension/Staking20.sol
Comment on lines +134 to +150
function _stake(uint256 _amount) internal virtual {
require(_amount != 0, "Staking 0 tokens");
address _token = token;

if (stakers[msg.sender].amountStaked > 0) {
_updateUnclaimedRewardsForStaker(msg.sender);
} else {
stakersArray.push(msg.sender);
stakers[msg.sender].timeOfLastUpdate = block.timestamp;
}

CurrencyTransferLib.transferCurrency(_token, msg.sender, address(this), _amount);

stakers[msg.sender].amountStaked += _amount;

emit TokensStaked(msg.sender, _amount);
}

Check notice

Code scanning / Slither

Reentrancy vulnerabilities

Reentrancy in Staking20._stake(uint256) (contracts/extension/Staking20.sol#134-150): External calls: - CurrencyTransferLib.transferCurrency(_token,msg.sender,address(this),_amount) (contracts/extension/Staking20.sol#145) Event emitted after the call(s): - TokensStaked(msg.sender,_amount) (contracts/extension/Staking20.sol#149)
contracts/extension/Staking20Upgradeable.sol
Comment on lines +155 to +177
function _withdraw(uint256 _amount) internal virtual {
uint256 _amountStaked = stakers[msg.sender].amountStaked;
require(_amount != 0, "Withdrawing 0 tokens");
require(_amountStaked >= _amount, "Withdrawing more than staked");

_updateUnclaimedRewardsForStaker(msg.sender);

if (_amountStaked == _amount) {
address[] memory _stakersArray = stakersArray;
for (uint256 i = 0; i < _stakersArray.length; ++i) {
if (_stakersArray[i] == msg.sender) {
stakersArray[i] = stakersArray[_stakersArray.length - 1];
stakersArray.pop();
break;
}
}
}
stakers[msg.sender].amountStaked -= _amount;

CurrencyTransferLib.transferCurrency(token, address(this), msg.sender, _amount);

emit TokensWithdrawn(msg.sender, _amount);
}

Check notice

Code scanning / Slither

Reentrancy vulnerabilities

Reentrancy in Staking20Upgradeable._withdraw(uint256) (contracts/extension/Staking20Upgradeable.sol#155-177): External calls: - CurrencyTransferLib.transferCurrency(token,address(this),msg.sender,_amount) (contracts/extension/Staking20Upgradeable.sol#174) Event emitted after the call(s): - TokensWithdrawn(msg.sender,_amount) (contracts/extension/Staking20Upgradeable.sol#176)
contracts/extension/Staking20Upgradeable.sol
Comment on lines +136 to +152
function _stake(uint256 _amount) internal virtual {
require(_amount != 0, "Staking 0 tokens");
address _token = token;

if (stakers[msg.sender].amountStaked > 0) {
_updateUnclaimedRewardsForStaker(msg.sender);
} else {
stakersArray.push(msg.sender);
stakers[msg.sender].timeOfLastUpdate = block.timestamp;
}

CurrencyTransferLib.transferCurrency(_token, msg.sender, address(this), _amount);

stakers[msg.sender].amountStaked += _amount;

emit TokensStaked(msg.sender, _amount);
}

Check notice

Code scanning / Slither

Reentrancy vulnerabilities

Reentrancy in Staking20Upgradeable._stake(uint256) (contracts/extension/Staking20Upgradeable.sol#136-152): External calls: - CurrencyTransferLib.transferCurrency(_token,msg.sender,address(this),_amount) (contracts/extension/Staking20Upgradeable.sol#147) Event emitted after the call(s): - TokensStaked(msg.sender,_amount) (contracts/extension/Staking20Upgradeable.sol#151)
contracts/extension/Staking20.sol
Comment on lines +153 to +175
function _withdraw(uint256 _amount) internal virtual {
uint256 _amountStaked = stakers[msg.sender].amountStaked;
require(_amount != 0, "Withdrawing 0 tokens");
require(_amountStaked >= _amount, "Withdrawing more than staked");

_updateUnclaimedRewardsForStaker(msg.sender);

if (_amountStaked == _amount) {
address[] memory _stakersArray = stakersArray;
for (uint256 i = 0; i < _stakersArray.length; ++i) {
if (_stakersArray[i] == msg.sender) {
stakersArray[i] = stakersArray[_stakersArray.length - 1];
stakersArray.pop();
break;
}
}
}
stakers[msg.sender].amountStaked -= _amount;

CurrencyTransferLib.transferCurrency(token, address(this), msg.sender, _amount);

emit TokensWithdrawn(msg.sender, _amount);
}

Check notice

Code scanning / Slither

Reentrancy vulnerabilities

Reentrancy in Staking20._withdraw(uint256) (contracts/extension/Staking20.sol#153-175): External calls: - CurrencyTransferLib.transferCurrency(token,address(this),msg.sender,_amount) (contracts/extension/Staking20.sol#172) Event emitted after the call(s): - TokensWithdrawn(msg.sender,_amount) (contracts/extension/Staking20.sol#174)
contracts/staking/TokenStake.sol Outdated
Comment on lines 20 to 103
contract TokenStake is
Initializable,
ContractMetadata,
PermissionsEnumerable,
ERC2771ContextUpgradeable,
MulticallUpgradeable,
Staking20Upgradeable
{
bytes32 private constant MODULE_TYPE = bytes32("TokenStake");
uint256 private constant VERSION = 1;

/// @dev ERC20 Reward Token address. See {_mintRewards} below.
address public rewardToken;

constructor() initializer {}

/// @dev Initiliazes the contract, like a constructor.
function initialize(
address _defaultAdmin,
string memory _contractURI,
address[] memory _trustedForwarders,
address _rewardToken,
address _stakingToken,
uint256 _timeUnit,
uint256 _rewardsPerUnitTime
) external initializer {
__ReentrancyGuard_init();
__ERC2771Context_init_unchained(_trustedForwarders);

require(_rewardToken != _stakingToken, "Reward Token and Staking Token can't be same.");
rewardToken = _rewardToken;
__Staking20_init(_stakingToken);
_setTimeUnit(_timeUnit);
_setRewardsPerUnitTime(_rewardsPerUnitTime);

_setupContractURI(_contractURI);
_setupRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
}

/// @dev Returns the module type of the contract.
function contractType() external pure virtual returns (bytes32) {
return MODULE_TYPE;
}

/// @dev Returns the version of the contract.
function contractVersion() external pure virtual returns (uint8) {
return uint8(VERSION);
}

/*///////////////////////////////////////////////////////////////
Transfer Staking Rewards
//////////////////////////////////////////////////////////////*/

/// @dev Mint/Transfer ERC20 rewards to the staker.
function _mintRewards(address _staker, uint256 _rewards) internal override {
CurrencyTransferLib.transferCurrency(rewardToken, address(this), _staker, _rewards);
}

/*///////////////////////////////////////////////////////////////
Internal functions
//////////////////////////////////////////////////////////////*/

/// @dev Returns whether staking related restrictions can be set in the given execution context.
function _canSetStakeConditions() internal view override returns (bool) {
return hasRole(DEFAULT_ADMIN_ROLE, _msgSender());
}

/// @dev Checks whether contract metadata can be set in the given execution context.
function _canSetContractURI() internal view override returns (bool) {
return hasRole(DEFAULT_ADMIN_ROLE, _msgSender());
}

/*///////////////////////////////////////////////////////////////
Miscellaneous
//////////////////////////////////////////////////////////////*/

function _msgSender() internal view virtual override returns (address sender) {
return ERC2771ContextUpgradeable._msgSender();
}

function _msgData() internal view virtual override returns (bytes calldata) {
return ERC2771ContextUpgradeable._msgData();
}
}

Check warning

Code scanning / Slither

Missing inheritance

TokenStake (contracts/staking/TokenStake.sol#20-103) should inherit from IThirdwebContract (contracts/interfaces/IThirdwebContract.sol#4-19)
contracts/extension/Staking20.sol Fixed Show fixed Hide fixed
@kumaryash90 kumaryash90 merged commit db49040 into main Nov 29, 2022
@nkrishang nkrishang deleted the staking-20 branch December 26, 2022 19:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakeloo jakeloo Awaiting requested review from jakeloo

@joaquim-verges joaquim-verges Awaiting requested review from joaquim-verges

@nkrishang nkrishang Awaiting requested review from nkrishang

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kumaryash90