🚀 Boosted Finance: Internal Audit Results, ALL Bugs Resolved

Fellow AlphaNauts,

All funds in our Wave 3 contracts and system are safe with staking, withdrawing, claiming rewards, boosters functioning as normal. There is nothing affecting the current Wave 3 Distribution mechanism and this has been put together to be transparent with the community in our rigorous development process.

Even after the deployment of the V2 contracts, we continued extensive testing and internal audits with community contributors to ensure that the contracts were safe to use. The entire contributing team for Boosted Finance wanted to inform you of some smart contract bugs that have been discovered.

Heres a breakdown of the bugs and the resolution path for each if not already resolved.

Resolved: Governance Contract v2

Due to an error while refactoring code, the stake() and withdraw() functions in the governance contract lacked the actual transfer of BOOST tokens. To fix this, we have sent a transaction staking the max amount possible uint(-1) to restrict anyone else from staking in the governance contract temporarily. We have also integrated with Snapshot for off-chain quadratic voting which will be used in the meantime, announcement will be coming out shortly.

Without the fix, this would have allowed anyone to call those functions with arbitrary amounts, and submit and vote for malicious proposals that drain the treasury.

Once Wave 3 has completed on Thursday 1 October 1:00PM UTC, new governance and treasury contracts will be deployed alongside bVaults which will all collectively undergo professional audits together.

Resolved: Ecosystem Fund

In our treasury contracts, there was a bug that was identified that fails to increment the ecosystem fund amount when the Treasury accumulates funds. Instead, the value of the ecosystem fund is only equal to a small proportion of the last deposit function call (last individual who burns a booster).

We have reverse rug pulled.

We have marked this as resolved as it can be solved with a simple BFIP to transfer the correct funding amount to the old governance contract.

Resolved: Rewards Contracts

In our Reward contracts, the exit() function which exits and claims a user’s rewards in a pool and the withdraw() functions allow users to withdraw a valid amount but fails to automatically claim the rewards.

Users must claim the rewards manually (by sending another transaction to claim rewards) when exiting the pools to ensure all their funds are taken with them.

We apologise for the inconvenience, please make sure you optimize gas prices manually by using the link below and selecting a non-congested time on the Ethereum network such as Sundays.

Closing Remarks

The core and community contributors of Boosted Finance will do their absolute best to exhaustively test and deliver the highest quality of contracts in the production environment. Nevertheless, we would like to remind users to conduct their due diligence when interacting with Boosted Finance as they have not been professionally audited yet.

No action is required from the community. We want to reiterate that all funds are safe and yields, rewards, and initial stakes are NOT affected.

We are continuing to expand our group of AlphaNauts and community contributors including developers as we spearhead towards the launch of bVaults and bounce around further ideas for product offerings that use BOOST. Here are some subtle hints on what we have in mind: bInsure, NFTs.

Happy farming everybody!

🚀 Equally fair #DeFi protocol with compounded value generation for stakeholders

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store