🚀 Boosted Finance: Internal Audit Results, ALL Bugs Resolved
Fellow AlphaNauts,
All funds in our Wave 3 contracts and system are safe with staking, withdrawing, claiming rewards, boosters functioning as normal. There is nothing affecting the current Wave 3 Distribution mechanism and this has been put together to be transparent with the community in our rigorous development process.
Even after the deployment of the V2 contracts, we continued extensive testing and internal audits with community contributors to ensure that the contracts were safe to use. The entire contributing team for Boosted Finance wanted to inform you of some smart contract bugs that have been discovered.
Here’s a breakdown of the bugs and the resolution path for each if not already resolved.
Resolved: Governance Contract v2
Due to an error while refactoring code, the stake() and withdraw() functions in the governance contract lacked the actual transfer of BOOST tokens. To fix this, we have sent a transaction staking the max amount possible uint(-1) to restrict anyone else from staking in the governance contract temporarily. We have also integrated with Snapshot for off-chain quadratic voting which will be used in the meantime, announcement will be coming out shortly.
Without the fix, this would have allowed anyone to call those functions with arbitrary amounts, and submit and vote for malicious proposals that drain the treasury.
Once Wave 3 has completed on Thursday 1 October 1:00PM UTC, new governance and treasury contracts will be deployed alongside bVaults which will all collectively undergo professional audits together.
Resolved: Ecosystem Fund
In our treasury contracts, there was a bug that was identified that fails to increment the ecosystem fund amount when the Treasury accumulates funds. Instead, the value of the ecosystem fund is only equal to a small proportion of the last deposit function call (last individual who burns a booster).
We have reverse rug pulled.
We have marked this as resolved as it can be solved with a simple BFIP to transfer the correct funding amount to the old governance contract.
Resolved: Rewards Contracts
In our Reward contracts, the exit() function which exits and claims a user’s rewards in a pool and the withdraw() functions allow users to withdraw a valid amount but fails to automatically claim the rewards.
Users must claim the rewards manually (by sending another transaction to claim rewards) when exiting the pools to ensure all their funds are taken with them.
We apologise for the inconvenience, please make sure you optimize gas prices manually by using the link below and selecting a non-congested time on the Ethereum network such as Sundays.
Closing Remarks
The core and community contributors of Boosted Finance will do their absolute best to exhaustively test and deliver the highest quality of contracts in the production environment. Nevertheless, we would like to remind users to conduct their due diligence when interacting with Boosted Finance as they have not been professionally audited yet.
No action is required from the community. We want to reiterate that all funds are safe and yields, rewards, and initial stakes are NOT affected.
We are continuing to expand our group of AlphaNauts and community contributors including developers as we spearhead towards the launch of bVaults and bounce around further ideas for product offerings that use BOOST. Here are some subtle hints on what we have in mind: bInsure, NFTs.
Happy farming everybody!
