m
marginal-bounty
@MarginalProtocol
LiveMarginal is a permissionless spot and perpetual exchange that enables leverage on any asset with an Uniswap V3 Oracle.
One can think of the core mechanism of the protocol as analogous to overcollateralized short-selling with the interest payment dictated by a typical perpetual funding rate.
Visit the docs for a complete project overview.
Smart Contracts in Scope
Deployments: Sepolia
V1 Core:
| Target URL | Type |
|---|---|
| MarginalV1Factory.sol | MarginalV1Factory |
| MarginalV1Pool.sol | MarginalV1Pool |
V1 Periphery:
| Target URL | Type |
|---|---|
| NonfungiblePositionManager.sol | NonfungiblePositionManager |
| Router.sol | Router |
| Quoter.sol | Quoter |
| Oracle.sol | Oracle |
| PoolInitializer.sol | PoolInitializer |
| PairArbitrageur.sol | PairArbitrageur |
Severity Definitions
Smart Contracts
| Severity level | Impact: High | Impact: Medium |
|---|---|---|
| Likelihood:high | Upto $25000 | - |
| Likelihood:medium | - | - |
Out of Scope (all repositories)
Known Issues
Known issues from previous security reviews are considered out of scope.
Specific Types of Issues
- Informational findings.
- Design choices related to protocol.
- Issues that are ultimately user errors and can easily be caught in the frontend. For example, transfers to
address(0). - Oracle manipulation attacks.
- Rounding errors.
- Relatively high gas consumption.
- Extreme market turmoil vulnerability.
Prohibited Actions
- Live testing on public chains, including public mainnet deployments and public testnet deployments.
- We recommend testing on local forks, for example using foundry.
- Public disclosure of bugs without the consent of the protocol team.
- Conflict of Interest: any employee or contractor working with Project Entity cannot participate in the Bug Bounty.
Total reward
$25,000
Findings submitted
8
Start date
Jul 8, 2024
Please sign in as a researcher to join the bounty.
Log in