| ID | Severity | Component | Finding | Status |
| --- | --- | --- | --- | --- |
| C-01 | CRITICAL | Staking | Unstake accounting corruption via storage pointer after delete | Resolved |
| H-01 | HIGH | Commission | Reputation recorded before fee transfer enables state inconsistency | Resolved |
| H-02 | HIGH | Staking | Reward pool receive() has no minimum totalStaked guard | Resolved |
| M-01 | MEDIUM | Staking | No minimum stake duration enables flash-loan reward extraction | Resolved |
| M-02 | MEDIUM | Commission | Fee tier parameters immutable — requires redeployment to adjust | Resolved |
| M-03 | MEDIUM | Cross | Staking contract address changeable without timelock | Resolved |
Detailed Findings
CRITICAL C-01 Staking
Unstake accounting corruption via storage pointer after delete
unstake() reads s.amount from a storage pointer after calling delete on the struct. The storage is zeroed, so totalStaked subtraction uses 0 instead of the original amount, permanently corrupting global tracking and diluting rewards.
Resolution: Save original s.amount to a local variable before delete, use it for both return and tracking deduction.
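The C-01 pattern and its fix side by side, as an added example that is not the audited contract's code. The mapping and counter names follow the report; the struct's second field, the `stake` helper and the `unstakeBuggy`/`unstakeFixed` names are assumptions, and only bookkeeping is modelled (no token moves).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of C-01, not the audited source.
contract UnstakeAccountingDemo {
    struct Stake {
        uint256 amount;
        uint64 since; // hypothetical second field
    }

    mapping(address => mapping(address => Stake)) public stakes; // agent => staker
    mapping(address => uint256) public totalStaked;              // per agent
    uint256 public totalStakedGlobal;

    function stake(address agent, uint256 amount) external {
        Stake storage s = stakes[agent][msg.sender];
        s.amount += amount;
        s.since = uint64(block.timestamp);
        totalStaked[agent] += amount;
        totalStakedGlobal += amount;
    }

    // Pattern described in C-01: `s` is a reference to the storage slot,
    // not a copy, so after `delete` every read through it sees zero.
    function unstakeBuggy(address agent) external returns (uint256) {
        Stake storage s = stakes[agent][msg.sender];
        require(s.amount > 0, "nothing staked");
        delete stakes[agent][msg.sender];
        totalStaked[agent] -= s.amount; // subtracts 0, counter stays inflated
        totalStakedGlobal -= s.amount;  // subtracts 0, counter stays inflated
        return s.amount;                // returns 0
    }

    // Resolution: copy the amount into a local before the delete and use
    // the local for both the return value and the tracking deduction.
    function unstakeFixed(address agent) external returns (uint256 amount) {
        Stake storage s = stakes[agent][msg.sender];
        amount = s.amount;
        require(amount > 0, "nothing staked");
        delete stakes[agent][msg.sender];
        totalStaked[agent] -= amount;
        totalStakedGlobal -= amount;
    }
}
```

After `stake` followed by `unstakeBuggy`, `stakes[agent][staker].amount` is 0 while `totalStaked[agent]` still holds the staked amount, which is exactly a violation of invariant 1 in the table below.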
HIGH H-01 Commission
Reputation recorded before fee transfer enables state inconsistency
pickWinner() records reputation completion before USDC transfers. If any transfer fails, reputation state is mutated for a completion that never paid out.
Resolution: Reorganized transfer order. Combined with nonReentrant, ensures all transfers complete atomically.
HIGH H-02 Staking
Reward pool receive() has no minimum totalStaked guard
Between deployment and the first stake, totalStakedGlobal == 0. All rewards sent to receive() accumulate in rewardPool but are never attributed to accRewardPerStake. The first staker captures all accumulated rewards.
Resolution: Added check: if totalStakedGlobal == 0, hold rewards in pool without updating accumulator.
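One way the H-02 guard can look in a per-stake accumulator design, as an added example rather than the audited contract's code. `rewardPool`, `accRewardPerStake`, `totalStakedGlobal`, `pendingReward` and `receive()` are the report's names; `PRECISION`, `rewardDebt`, `owed`, the single-pool layout and the token-less `stake` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the H-02 guard, not the audited source.
// Single pool, bookkeeping only: stake() moves no token.
contract RewardPoolGuardDemo {
    uint256 private constant PRECISION = 1e18; // assumed scaling factor

    uint256 public rewardPool;
    uint256 public accRewardPerStake; // reward per staked unit, scaled by PRECISION
    uint256 public totalStakedGlobal;

    mapping(address => uint256) public staked;
    mapping(address => uint256) private rewardDebt; // hypothetical checkpoint
    mapping(address => uint256) private owed;       // hypothetical settled balance

    receive() external payable {
        rewardPool += msg.value;
        // Guard from the resolution: with nothing staked there is nobody to
        // attribute the reward to, so it is held in the pool and the
        // accumulator is left untouched.
        if (totalStakedGlobal == 0) return;
        accRewardPerStake += (msg.value * PRECISION) / totalStakedGlobal;
    }

    function stake(uint256 amount) external {
        require(amount > 0, "zero stake");
        owed[msg.sender] = pendingReward(msg.sender); // settle at the old balance
        staked[msg.sender] += amount;
        totalStakedGlobal += amount;
        // Checkpoint at the current accumulator so the new stake earns only
        // from rewards that arrive after this call.
        rewardDebt[msg.sender] = (staked[msg.sender] * accRewardPerStake) / PRECISION;
    }

    function pendingReward(address staker) public view returns (uint256) {
        uint256 accrued = (staked[staker] * accRewardPerStake) / PRECISION;
        return owed[staker] + accrued - rewardDebt[staker];
    }
}
```

In this model, ether sent before the first `stake` raises `rewardPool` but leaves `accRewardPerStake` at 0, so the first staker's `pendingReward` is 0 immediately after staking and `rewardPool` stays at or above the sum of pending rewards.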
Invariant Verification
| # | Invariant | Holds | Notes |
| --- | --- | --- | --- |
| 1 | sum of all stakes[_agent][_] == totalStaked[_agent] | Yes | Per-agent accounting consistent |
| 2 | sum of all totalStaked == totalStakedGlobal | Yes | Global sum matches per-agent sums |
| 3 | rewardPool >= sum of all pendingReward(_agent, _staker) | | |