Hey all, I’m capturing the latest information from an ongoing discussion in Discord among community members about a discrepancy with Stacking rewards this cycle. I wanted to surface this here for better visibility and to provide a place for folks if they have questions. First, a big shout out to @friedger as well as Joe Crypto and yoyo liber for discovering this and jumping in with other core developers to get to the bottom of it.
What we know
- There is a bug in the
stack-increasefunction in the pox-2 contract. The bug affects the contract’s internal state of stacked amount, for the address that calls stacks-increase.
- The bug is allowing an address (currently aware of just one) to earn more than its share of Stacking rewards associated with its reward slots.
- This will reduce the overall payouts to other Stackers for this cycle. The current best estimate is about a 50% reduction in rewards for Stackers this cycle, but we can’t be certain of the total impact until the cycle ends.
- This does not impact callers of
delegated-stacks-increase(e.g. stacking pools), other than in terms of the reduced rewards.
- Data returned from the
/v2/poxendpoint in the
current_cyclesection will be inaccurate for the remainder of the cycle.
- The current data suggests this bug was activated unintentionally and was not a deliberate attack.
Core developers and other Stacking pool experts in the community are working through the best possible solutions. It seems likely that a fork/upgrade will take place before the start of the next stacking cycle to address the bug. Different solutions offer different diagnoses for effects on upcoming rewards, however, the leading proposal would fix the issue while maintaining correct rewards next cycle!
If you know this Stacker (Reward address:
bc1qpyjutel6d4gj50dscphjrqcp29ljtfjel7ccap), please recommend they get in touch via [email protected] for a white hat bounty offer for returning the rewards to fellow Stackers.
Updates will be posted to this thread as they are available, thanks!