ChainSecurity has performed a smart contract audit of POA Network’s SBC deposit (Stake Beacon Chain). The issues identified by ChainSecurity have all been corrected by POA Network.
POA Network offers a Stake Beacon Chain (SBC) deposit contract intended for use by stakers in the context of a Proof-of-Stake consensus. Stakers first come to an agreement with a validator node about the amount to stake, then deposit the agreed-on stake amount to a deposit contract, such as the one proposed by POA Network.
The contract is based on the original Ethereum 2.0 deposit contract, but SBC Deposit adds extended functionality to it:
- ERC20 deposits: Stakers can deposit ERC20 STAKE tokens instead of native tokens
- batch deposits on top of normal deposits: batch deposits are fixed at 32 STAKE per deposit and normal deposits are floored to 1 STAKE
- support for ERC677: Adds a hook on ERC20 token transfers to trigger the token receiver
- upgradeability: A proxy pattern is used to have the ability to upgrade the implementation contract
- claimability: An admin is able to withdraw any mistakenly sent non-STAKE tokens (ERC20 or native) in order to give them back to their owners
- contract can be paused: This functionality is only available for the admin
Like the original contract, StakeDepositContract implements an incremental Merkle tree algorithm to keep track of the deposit history. It can contain up to 2^32 – 1 deposit records and allows root computation in O(log(n)).