Marginal / marginal-bounty
Marginal is a permissionless spot and perpetual exchange that enables leverage on any asset with an Uniswap V3 Oracle.
One can think of the core mechanism of the protocol as analogous to overcollateralized short-selling with the interest payment dictated by a typical perpetual funding rate.
Visit the docs for a complete project overview.
Smart Contracts in Scope
Deployments: Sepolia
V1 Core:
| Target URL | Type |
|---|---|
| MarginalV1Factory.sol | MarginalV1Factory |
| MarginalV1Pool.sol | MarginalV1Pool |
V1 Periphery:
| Target URL | Type |
|---|---|
| NonfungiblePositionManager.sol | NonfungiblePositionManager |
| Router.sol | Router |
| Quoter.sol | Quoter |
| Oracle.sol | Oracle |
| PoolInitializer.sol | PoolInitializer |
| PairArbitrageur.sol | PairArbitrageur |
Severity Definitions
Smart Contracts
| Severity level | Impact: High | Impact: Medium |
|---|---|---|
| Likelihood:high | $100,000.00 | - |
| Likelihood:medium | - | - |
Out of Scope (all repositories)
Known Issues
Known issues from previous security reviews are considered out of scope.
Specific Types of Issues
- Informational findings.
- Design choices related to protocol.
- Issues that are ultimately user errors and can easily be caught in the frontend. For example, transfers to
address(0). - Oracle manipulation attacks.
- Rounding errors.
- Relatively high gas consumption.
- Extreme market turmoil vulnerability.
Prohibited Actions
- Live testing on public chains, including public mainnet deployments and public testnet deployments.
- We recommend testing on local forks, for example using foundry.
- Public disclosure of bugs without the consent of the protocol team.
- Conflict of Interest: any employee or contractor working with Project Entity cannot participate in the Bug Bounty.
Summary
Status
LiveTotal reward:
$100,000 USDC
Start date:
8 Jul 2024 4:00pm (local time)
You need to be logged in as a researcher in order to join.