Cold Staking security audit, conducted by the Callisto Network Security Department in October 2018.
Cold Staking Specificities
The Cold Staking smart contract is the core smart contract of Callisto Network. It is intended to allow users to stake their CLO by locking it for a certain period of time.
The contract must allow users to:
- Deposit CLO into the contract after the contract launch date (i.e. “stake” it).
- Deposited CLO must be locked for the specified amount of time.
- Withdraw CLO after the specified amount of time.
- Withdraw staking rewards.
- Throw out a staker if he is inactive for longer than 2 years.
- Security audit of the Cold Staking contract.
- Bug bounty.
- Contract will be compiled and deployed at Callisto Mainnet before the hardfork date.
- On 11th November, hardfork №1 will be enabled. The contract will start to receive 20% of block rewards. Staking will not be enabled instantly.
- On 12th November at 0:0 UTC, staking will become available.
Cold Staking values:
Cold Staking Smart Contract Security Audit Report
Are Your Funds Safe?
1. In scope
In total, 1 issue was reported:
- 1 minor observation.
No critical security issues were found.
2.1. Timestamp may not have the right meaning. A round can go longer than 27 days.
Severity: minor observation.
A round can last longer than 27 days if the block generation time rises above 25 seconds and stays there for a long time.
When the block time is more than 25 seconds, Timestamp will no longer hold the “timestamp of the last interaction” value. This will lead to a distortion of the flow of staking time.
Consider the problem by example:
| Block id | Block time, sec | | now | | | Recommendation |
|---|---|---|---|---|---|---|
| start value | | | 1539260000 | | | Mike makes a stake. |
| … | … | … | … | … | … | An hour has passed |
| 1200103 | 35 | 25 | 1539263640 | 1539262600 | 1040 | Passed 1 hour of real time, but the contract “thinks” that 43 minutes have passed. |
I don’t know whether a continuous change in the block generation time by a value greater than 25 seconds is possible. But if it is possible, then the time inside the contract will differ from the real time, which will affect the reward.
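The drift shown in the table can be reproduced with a small model. This is an added example, not the Cold Staking contract's code: it assumes, from the table's figures, that the contract clock advances by at most 25 seconds per block, and the class name, function names and starting block number are hypothetical.

```python
"""Model of a per-block capped contract clock (added example, not contract code)."""

# Assumption inferred from the table: per interaction, the contract clock
# advances by the real elapsed time, capped at 25 seconds per block mined.
MAX_SECONDS_PER_BLOCK = 25
ROUND_INTERVAL = 27 * 24 * 3600  # one 27-day round, in contract-clock seconds


class ContractClock:
    def __init__(self, start_time, start_block):
        self.timestamp = start_time  # the contract's view of time
        self.last_block = start_block

    def interact(self, now, block_number):
        """Advance the contract clock; return the seconds credited."""
        blocks = block_number - self.last_block
        if blocks <= 0:
            return 0
        self.last_block = block_number
        credited = max(0, min(now - self.timestamp, blocks * MAX_SECONDS_PER_BLOCK))
        self.timestamp += credited
        return credited


def simulate(start_time, start_block, block_times):
    """One interaction per block; return (real now, contract timestamp)."""
    clock = ContractClock(start_time, start_block)
    now, block = start_time, start_block
    for block_time in block_times:
        now += block_time
        block += 1
        clock.interact(now, block)
    return now, clock.timestamp


def real_seconds_for_round(block_time):
    """Real seconds needed for the contract clock to cover one round."""
    per_block = min(block_time, MAX_SECONDS_PER_BLOCK)
    blocks_needed = -(-ROUND_INTERVAL // per_block)  # ceiling division
    return blocks_needed * block_time


if __name__ == "__main__":
    # Constructed input: 104 blocks of 35 s each, starting at block 1199999.
    now, ts = simulate(1539260000, 1199999, [35] * 104)
    print(now, ts, now - ts)
    print(real_seconds_for_round(35) / 86400, "days of real time per round")
```

Under this model the lag shrinks again once blocks arrive faster than 25 seconds, so it persists only while the average block time stays above that cap.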
No critical vulnerabilities were detected.
4. Revealing audit reports
Trust the Blockchain, Audit the Smart Contracts.