BIP-0004: Staking Contract Update

Author: dharkmattr
Status: Final

Introduction:

The BabelFish staking contract was paused due to a security vulnerability that allowed for voting power theft. Specifically, a small amount of FISH could be staked at the same time and date as an existing stake, with a new delegate address passed as a parameter. This new delegate address would then receive the complete voting power of the stake. To fix this vulnerability and other issues, this BIP proposes several changes, including code refactoring and bug fixes, to the BabelFish staking contract.

The BabelFish staking and Bitocracy are a fork of Sovryn, with the initial intention of developing them further. However, it was later decided that this would be a waste of time and resources. Thus, it was concluded that the best way to move forward is to update and keep the staking contract up to date with the current version used by Sovryn. Updating the BabelFish staking contract to be compatible with Sovryn’s version was a big effort and very complex due to the changes required.

Due to logistical requirements for starting the vote on this proposal, the staking contract has been updated by the BabelFish multisig according to the changes specified below. This proposal seeks to retroactively approve this update. Should this proposal be approved, the update will remain in effect and the staking contract will be unpaused so that Bitocracy can resume normal operations. Should this proposal be rejected, the update will be rolled back and/or a new proposal will be put forth to address any community concerns.

Changes:

  1. Updating the BabelFish staking contract to the version used by Sovryn, as the updated staking contract code base will be easier to maintain going forward.
  2. Applying fixes to the discovered vulnerabilities:
     • The staking contract was vulnerable to voting power theft, which allowed a user to delegate voting power associated with a specific stake by staking an arbitrarily small amount of FISH for the user at the same date and time, and passing a new delegate as a parameter. As a result, the complete voting power of this stake was delegated to the passed delegate address.
     • The guard against multiple manipulations of the same stake in a single transaction can be circumvented because it is checking for the message sender address instead of the address to which the stake actually belongs.
  3. Separating the staking contract code into multiple modules, which can be deployed individually, due to the contract reaching the maximum possible EIP-170 Solidity contract size.

Details:

The previous version of the contract, which was until recently on mainnet, can be found at:

The updated version, which has been deployed to testnet and mainnet, can be found at:

Additional reference:

Although not all changes were required by BabelFish, having the same base code was important to maintain compatibility and enable further updates if needed. For more detailed information on all the changes implemented by Sovryn, please refer to SIP-0049 and SIP-0058:
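The voting power theft described under Changes, as an added example that is not the BabelFish or Sovryn contract code: a simplified Python model in which voting power equals the staked amount. The class, its method names, the account names and the hardened rule (a third party staking for someone else cannot choose the delegate) are assumptions made for illustration.

```python
# Simplified model of delegated staking (added example, not the contract's code).
# Assumption: voting power == staked amount; the real contract also weights by lock date.
from collections import defaultdict


class Staking:
    def __init__(self, hardened):
        self.hardened = hardened
        self.stakes = defaultdict(int)   # (owner, until) -> staked amount
        self.delegates = {}              # (owner, until) -> current delegatee
        self.power = defaultdict(int)    # (delegatee, until) -> delegated amount

    def stake(self, sender, amount, until, stake_for=None, delegatee=None):
        if amount <= 0:
            raise ValueError("amount must be positive")
        owner = stake_for or sender
        key = (owner, until)
        current = self.delegates.get(key)
        if self.hardened and sender != owner:
            # Assumed fix: a third party may top up a stake but never pick its delegate.
            new = current or owner
        else:
            # Flawed path: the delegatee parameter is honoured for any sender.
            new = delegatee or current or owner
        if current is not None and new != current:
            # Re-delegation moves the whole existing stake, not just the new amount.
            self.power[(current, until)] -= self.stakes[key]
            self.power[(new, until)] += self.stakes[key]
        self.stakes[key] += amount
        self.delegates[key] = new
        self.power[(new, until)] += amount

    def voting_power(self, delegatee, until):
        return self.power[(delegatee, until)]


def demo(hardened):
    """Return (owner's power, third party's power) after a 1-unit stake by a third party."""
    s = Staking(hardened)
    until = 1_700_000_000  # constructed lock date
    s.stake("owner", 1000, until)  # owner stakes and self-delegates
    s.stake("other", 1, until, stake_for="owner", delegatee="other")
    return s.voting_power("owner", until), s.voting_power("other", until)


if __name__ == "__main__":
    print("flawed  :", demo(hardened=False))
    print("hardened:", demo(hardened=True))
```

In the flawed mode the 1-unit stake moves the owner's entire 1000 units of voting power to the other address; in the hardened mode the owner keeps all of it, including the top-up.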

Are you ready to shape the future of BabelFish? We are excited to announce that the proposed update to the staking contract, BIP-0004, is now up for vote. This is your chance to make your voice heard and help us build a better BabelFish for everyone.

The proposed update brings several important changes that will benefit the community - the most important change is a fix of a serious vulnerability. You can read more about these changes on our forum in this topic.

We want to be transparent with you: as voiced earlier, we have encountered some obstacles, so the staking contract has already been updated to meet logistical requirements for the vote. However, this proposal seeks to retroactively approve the update, so it will only remain in effect if it receives community support.

To participate in the vote, please visit: BabelFish | Stablecoin aggregator

We urge all members of the community to take part and help us make BabelFish the best it can be!

Thank you for your continued support and participation. Let’s work together to build a brighter future for BabelFish.

We are excited to announce that the proposed update to the staking contract, BIP-0004, has been approved with 100% support from the community!

We would like to extend our deepest gratitude to all the stakers who participated in the vote and helped make this possible.

Thanks to your overwhelming support, we can now move forward with other important votes to take place soon.

We are now working on finalizing the update and will follow up once maintenance mode is lifted on the staking app.

Thank you once again for your participation and support. Let’s continue to work together to make BabelFish better for everyone.
