We recently identified a bug that in rare instances resulted in a balance discrepancy for a very small group of stCelo users (11 accounts). We do not believe that this bug places user funds at risk, as the issue relates to how funds are displayed and accounted for and because there exists a workaround for affected users to fully withdraw their funds. Additionally, the stCelo codebase has undergone several rounds of audits with multiple auditors to mitigate risk.
Note that this issue pertains only to users using the stCelo liquid staking protocol, and not users using Celo’s native locking and unlocking functionality.
Below, we outline the impact and cause of the bug, the steps for regaining access by affected users, and the actions currently being taken to address the issue.
Impact and Cause
The issue occurs when an account has CELO deposited in stCelo, votes on a Celo Governance proposal (locking their stCelo until the proposal is finalized) and then changes their validator voting strategy. This causes the balance used for voting to become unaccounted for. However, the underlying CELO is still in the protocol and has not been transferred or lost.
After conducting an on-chain analysis, we determined that a maximum of 11 accounts have been affected by this bug, involving approximately 5000 CELO. This represents roughly 0.25% of TVL at the time of writing.
Steps to regain access
To check if your account is affected, compare your address to the list of addresses in this Dune dashboard. If your account is on the list, you can regain access to your funds by following these steps:
- Vote with your whole balance on any existing governance proposal in the referendum stage (you will have to wait for a governance proposal if one doesn’t exist at the moment).
- Change the validator that you’re voting for to the default one: 0x0000000000000000000000000000000000000000
- Revoke your votes from the governance proposal (equivalent to voting for the same proposal with a value of 0).
- Your balance should now be available and ready to be withdrawn from stCelo, if desired.
Actions Taken
Since this bug is caused by users voting for a specific validator after participating in a governance proposal, cLabs has temporarily disabled this functionality on the cLabs-run front-end. Please note that this issue can still be encountered should a user choose to interact directly with the smart contracts.
cLabs is also working on a permanent fix that prevents this bug from occurring in the future and is working with an auditor to ensure the change is fully audited. Once audited, the stCelo owner multisig, composed of members from multiple organizations in the Celo ecosystem, will review and apply the change at their discretion. Please note that there is a one-week deployment timelock after the multisig owners post the update on-chain.
Once the fix is fully rolled out, users will again be able to switch their voting strategy on the front-end without any restrictions.
Thank you for your understanding as we work to resolve this issue. We will continue to provide updates as soon as they are available. If you have any questions, please do not hesitate to contact our team.
Martín Volpe, on behalf of the cLabs Primitives Team