OpportunitiesLeaderboardAbout Cantina

High-signal. Comprehensive bug coverage.

Innovative and familiar platform for competitive code review. Reduces the friction from discovery to submission, from judging to payout.

Book a competition
Hero Image

See documentation →

Competition cover
Live

Aqua Network / Aquarius

This is the AMM protocol built on Stellar smart contract platform (Soroban) that allows spinning up 2 types of pools: volatile (inspired by Uniswap V2) and stable (inspired by Curve), as well as swapping assets in these pools including multihop routes where assetA is swapped into assetC with 2 swaps A=>B and B=>C in case A/C pool does not exist.

Prize distribution and scoring

  • Total Prize Pool: $110,000

  • Primary Pize Pool: $90,000

  • Formal Verification Pool: $20,000

  • Additional pay for dedicated Cantina researcher: $10,000

  • $10,000 of the primary prize pool is reserved for Low Severity and Informational findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

    • 1st: $5k
    • 2nd: $2.5k
    • 3rd: $1.25k
    • 4th: $625
    • 5th: $625

  • Scoring described in the competition scoring page.

  • Findings Severities described in detail on our docs page.

  • Formal Verification

Documentation

Scope

Important

Please note that the if there are any critical findings discovered during the competition, the team will be fixing it immediately. And these findings would be considered out of scope once the fixes are public

Build Instructions

  • Build instructions can be found here

Basic POC Test

Out of scope

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$110,000

7 May 2025 - 18 Jun 2025

Live
Competition cover
Live

Space and Time / SXT

Space and Time is the Microsoft-backed blockchain for ZK-proven data. Secured by Proof of SQL, the first sub-second ZK coprocessor.

The codebase is broken into several repos:

  • sxt-node is a substrate based blockchain that essentially a database, responsible for accepting data inserts, and at a high level, computing commitments of that data
  • sxt-proof-of-sql is a protocol that enables cryptographic guarantees on SQL queries against a database
  • sxt-node-op-contracts is a set of EVM smart contracts designed to work with sxt-node, in particular, responsible for staking
  • sxt-zkpay-contracts is a set of EVM smart contracts that enable on chain payments
  • sxt-token is a standard ERC20 token contract along with some simple related utility contracts

Prize distribution and scoring

  • Total Prize Pool: $ 100,000

  • The prize distribution has 4 possible triggers:

    • If no valid high and only medium severity findings are found, the total pot size is $10,000
    • If one high severity finding is found, the total pot size is $40,000
    • If two high severity findings are found, the total pot size is $70,000
    • If three high severity findings are found, the total pot size is $100,000

  • Scoring described in the competition scoring page.

Severity and Rewards

Vulnerabilities are classified using two factors: Impact and Likelihood. The combination of these factors determines the severity and guides the reward amount.

Likelihood \ ImpactHighMediumLow
HighHighHighMedium
MediumHighMediumLow
LowMediumLowInformational

Please note these definitions exist on top of the current definitions

Impact Definitions:

  • High Impact:

    • Loss of Core Protocol Funds: A vulnerability that could lead to a significant amount of protocol funds being stolen or lost via draining existing funds.
    • Breaks Core Functionality: Causes an irrecoverable failure in fundamental protocol operations.

  • Medium Impact:

    • Breaks Non-Core Functionality: Causes a failure in protocol operations that isn’t essential to the operation of the overall protocol.

Likelihood Definition:

  • High Likelihood
    • Issues that can be triggered by any user, without significant constraints and will generate outsized returns to the exploiter

Scope

Important

Please note the following repo sxt-proof-of-sql will include some known issues by May 10th(tentative). Please wait for these updates on the page and these findings will not be considered valid and will be marked our of scope regardless of when they were submitted.

Build Instructions:

Build instructions can be found below:

Basic POC Test

  • POC must be provided upon request for this competition

Out of scope

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$100,000

2 May 2025 - 22 May 2025

Live
Competition cover
Live

Mystic Finance / mystic-monorepo

The Mystic Finance making a environment dedicated to RWA-backed lending which takes RWA's different characteristics into account and not only supports them, but leverages them to their full potential.

Prize distribution and scoring

  • Public Prize Pool: $ 13,000

  • Additional pay for dedicated Cantina researcher: $2,000

  • Scoring described in the competition scoring page.

  • Findings Severities described in detail on our docs page.

Documentation

1. Mystic Leverage:

Overview

  • The Mystic Leverage System extends Morpho’s Bundler3 multicall framework to enable atomic leveraged positions using flash loans and DEX swaps. All operations (open, close, adjust) occur in a single bundled transaction, enforcing safety checks (max leverage, price deviation, health factor) before finalizing.
    GitHub

Core Contracts & Code Highlights:

  • MysticLeverageBundler.sol:

    • Entrypoint: createOpenLeverageBundle orchestrates flash loan borrows, token swaps via Maverick DEX, and collateral adjustments. Tracks per-user positions and total exposure.

  • MorphoLeverageBundler.sol:

    • Entrypoint: createOpenLeverageBundle orchestrates flash loan borrows, token swaps via Maverick DEX, and collateral adjustments. Tracks per-user positions and total exposure for morpho markets.

  • MysticAdapter.sol

    • Abstracts Aave V3 fork lending operations: supply(), withdraw(), borrow(), repay(), and flash loan callbacks. Provides price and liquidity oracles, plus account health queries.

  • MaverickAdapter.sol

    • Wraps Maverick DEX swaps, offering swapExactIn()/swapExactOut() with slippage guards. Auto-selects best liquidity pool.

    All calls routed through Bundler3’s transient initiator context for authorization

2. Aave V3 Deployment:

Overview:

  • This Hardhat project does the deployment of Aave V3 core and periphery contracts using hardhat-deploy.

Core Scripts & Configurations:

  • Deployment Scripts (deploy/00-core → 03-periphery_post)
    • 00-core: Deploys PoolAddressesProvider, lending pools, and auxiliary contracts.
    • 01-periphery_pre & 03-periphery_post: Deploy periphery modules like UiPoolDataProvider, Oracle, and stable/variable rate helpers.
    • 02-market: Configures new market parameters (e.g., collateral factors, assets) via markets/plume/index.ts

3. Staked Plume (Liquid Staking):

Overview:

  • A fork of Frax’s frxETH public repo, this module implements stPlume an wrapped stPlume, on top of a native staking minter. It includes validator management via an OperatorRegistry and an ERC4626-based vault (sfrxETH.sol). It is built to integrate with the Plume staking contracts

Core Contracts & Code Highlights:

  • stPlumeMinter.sol: Extends frxETHMinter to support unstaking and reward claiming workflows specific to Plume’s staking network.
  • OperatorRegistry.sol: On-chain registry of validator id.
  • sfrxETH.sol: ERC4626 vault wrapping stPlume; automatically compounds staking yield by increasing pricePerShare. Permit2 support for seamless integrations

Code walkthroughs:

Scope

  • Repository: bundler3

    • Total LOC: 846 LOC
    • Files:
      • src/calls/MysticLeverageBundler.sol
      • src/adapters/MysticAdapter.sol
      • src/calls/MorphoLeverageBundler.sol
      • src/adapters/MaverickAdapter.sol

  • Repository: Liquid-Staking

    • Total LOC: 677 LOC
    • Files:
      • stPlume/src/frxETHMinter.sol
      • stPlume/src/stPlumeMinter.sol
      • stPlume/src/OperatorRegistry.sol

  • Repository: aave-v3-deploy

    • Total LOC: 683 LOC
    • Files:
      • markets/plume/index.ts
      • tasks/misc/delist-new-tokens.ts
      • tasks/misc/list-new-tokens.ts

Build Instructions

For the solidity projects:
- forge build
- forge test --fork-url https://rpc.plume.com

For Hardhat project:
- npm run compile
- npm run test

POC Rule

  • Mandatory POC rule applies for this competition
    • aave-leverage-bundler/test/poc/poc.t.sol

Out of scope

  • Issues listed here: Liquid-Staking?tab=readme-ov-file#known-issues
  • Issues listed here: aave-fork-checklist
  • We treat leveraged asset pairs (e.g steth/eth) as if they maintain near-perfect price parity, so any risk arising from price divergence is considered out of scope
  • We’re operating under the premise that every role is fully trusted

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$13,000

13 May 2025 - 18 May 2025

Live
Competition cover
Reviewing Escalations

Ethereum Foundation / Pectra

Ethereum is a decentralized blockchain that exists whenever there are connected computers running software following the Ethereum protocol and adding to the Ethereum Blockchain.

$2,000,000

21 Feb 2025 - 27 Mar 2025

Reviewing Escalations
Competition cover
Judging

Mezo / mezo-monorepo

Mezo is a Bitcoin-centric platform designed to enhance Bitcoin’s utility through seamless borrowing, spending, and earning. Bitcoin has changed how people think about money, control, security, and transparency. Bitcoin excels as a store of value, but it currently lacks the tools to make it easily usable in everyday financial activities. Mezo bridges this gap by creating a Bitcoin-native ecosystem that transforms BTC from a static asset into a dynamic financial tool.

MUSD is a permissionless stablecoin 100% backed by Bitcoin reserves and designed to maintain a 1:1 peg with the U.S. dollar. It is the native stablecoin on Mezo, accessible via Mezo’s ‘Borrow’ feature or decentralized exchanges on Mezo Network, a chain with Bitcoin as the native asset.

Anyone can mint MUSD by depositing BTC into Mezo borrow, thus creating a loan position. Bitcoin collateral for MUSD positions is publicly verifiable onchain, and proof-of-reserves are viewable 24-7. Users can close their MUSD positions by returning the borrowed MUSD and accumulated interest to receive their initial Bitcoin collateral.

You can learn more at https://mezo.org/docs/users/musd

Prize distribution and scoring

Documentation

Scope

Build Instructions

Basic POC Test

  • Mandatory POC applies for for mUSD
    • Example test for the borrower operations contract that tests various user actions like opening troves, adjusting, etc can be found here
  • POC upon request applies for mezod
    • Example system tests can be found here

Out of scope

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$50,000

10 Apr 2025 - 1 May 2025

Judging
Competition cover
Judging

Alchemix / alchemix-v3

Alchemix lets you instantly access loans representing your collateral's future yield. Over time, the interest your deposit earns is used to repay your debt automatically. Alchemix loans are self-repaying, interest-free, and non-liquidating.

Prize distribution and scoring

Documentation

  • Please refer to the repository for the docs
Important

Please do not share the following explainer document anywhere. This is strictly for competition use only.

Scope

Note

  • Researchers can assume the price reported by the collateral to the alchemist is accurate and not subject to manipulation.
  • The only in-scope behavior related to the price is that it can be assumed that pricing is based on fundamental oracles - ie, a yield token with 1 eth of backing but a market price of 0.95 eth would be priced as 1 eth in the Alchemist.
  • The fact that the alAsset could temporarily depeg down to the market price of the yield token is know and acceptable behavior.
  • Any other scenario that would result in bad debt for the alchemist due to an exploit would be in-scope

Build Instructions

Tests need a forked environment (local node or RPC API key) due to integrations with other platforms.

Please note that we recommend consistently running off of the same block to get caching, the block given is the one we usually use:

  • forge test --fork-url <RPC-URL> --fork-block-number 21835200

Basic POC Test

The mandatory POC rule applies for this competition.

  • PositionDecay library
  • The vaults
  • StakingGraph

Out of scope

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$50,000

1 May 2025 - 15 May 2025

Judging
Competition cover
Judging

Mighty Finance / mighty-contracts

Mighty Finance is a DeFi platform designed for concentrated liquidity market making (CLMM) with leveraged positions. It enables users to open leveraged positions, maximizing capital efficiency.

Prize Distribution and Scoring

  • Total Public Pool: $25,000

  • Additional pay for dedicated Cantina steward: $5,000

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Documentation

Scope

Build Instructions

  • npx hardhat compile

POC rule

  • Mandatory POC rule does not apply for this competition

Out of Scope

$25,000

15 Apr 2025 - 6 May 2025

Judging
Competition cover
Escalations

infiniFi / infinifi-protocol

InfiniFi is a DeFi protocol that enables users to mint and redeem receipt tokens (iUSD) against collateral assets (USDC). The protocol features a sophisticated yield generation system through multiple farm integrations, a locking mechanism for enhanced rewards, and a governance system for farm allocation voting. It relies on reserve banking principles classifying Pendle and Ethena as illiquid/maturity farms and AAVE as liquid farm. By adjusting the ratio of deposits between liquid/illiquid it is capable of producing higher yields for both liquid and illiquid depositors.

Prize Distribution and Scoring

  • Total Public Pool: $35,000

  • Additional pay for dedicated Cantina researcher: $5,000

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Documentation

Protocol whitepaper, business requirements for this stage (MVP) and a high level contracts overview is at:

Scope

Build Instructions

Build instructions is provided in README:

Basic POC Test

Mandatory POC rule applies for this competition.

Out of scope

  • Spearbit Audit - note that all issues listed as acknowledged are out of scope.
  • Certora: Permanent reward dilution by state changes between startUnwinding and cancelUnwinding.
  • Certora: DoS with _revertIfThereAreUnaccruedLosses when safety buffer is empty
  • Certora: Strict equality check in LockingController.applyLosses might be inadequate due to division with rounding down happening prior to comparison.
  • External oracle manipulation such as assumptions of using Chainlink price feeds, etc.
  • Centralization issues: Protocol governor role will be behind a timelock contract suggesting that every operation will be visible to the users with a notice.
  • zapInAndLock function is out of scope
  • Automated findings by LightChaser

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$35,000

7 Apr 2025 - 28 Apr 2025

Escalations
Competition cover
Reviewing Escalations

Eigenlayer / eigenlayer-contracts

As a restaking platform, EigenLayer allows stakers to deposit assets and delegate stake to operators. Operators register for AVSs (Autonomous Verifiable Services), which are external platforms that leverage this stake to secure offchain processes. Currently, the operator/AVS relationship is limited to registration, deregistration, and rewards.

This competition will cover the major changes being made to the core restaking protocol. These changes include significant updates to most system contracts and introduce new contracts to manage slashing and slashable stake allocation.

Prize Distribution and Scoring

  • Total Prize Pool: $2,500,000

  • The prize pool is split into two prize pots:

    • Critical Pot: $2,000,000
      • If one or more valid critical severity findings are found, then this pool is unlocked and all the $2,000,000 is only dedicated to the critical findings.
    • High/Medium pot: $500,000
      • The prize distribution has 2 possible triggers:
        • If one or more valid medium severity findings are found, the total pot size is $200,000
        • If one or more valid high severity findings are found, the total pot size is $500,000

  • If there are no High or Medium severity findings, then there will be a low severity pot $20,000

    • Please note only the findings that add value to the protocol would be considered. Reviewers are then ranked from 1st to 5th for the purpose of prize allocation.
      • 1st: $10k
      • 2nd: $5k
      • 3rd: $2.5k
      • 4th: $1.25k
      • 5th: $1.25k

Early Submission Incentive

  • 30% bonus: Given the nature of the EigenLayer codebase & the timelines around it, Researchers are incentivized to submit Critical/High/Medium severity findings early, ie: as soon as one is found. The first valid submission will be rewarded an additional 30% reward, in comparison to its subsequent duplicates.
    • The finding must identify the root cause, highest valid impact and describe the finding with all the necessary details to consider it valid.
    • Please note that low quality or vague submissions or submissions that could be subject to interpretations will not be considered for the additional reward.
    • The escalation process will not apply for these rewards and there will be no discussion for these rewards. The decision made by the Judges/EigenLayer protocol team on these rewards will be final. Example: If a finding has 5 duplicates.
      • Using regular each of the duplicates would get $2000 each
      • With the current incentive of 30%. The earliest valid submission gets $2453.83, and the rest of the duplicates get $1886.79 each.

Severity definition:

Risk Classification Matrix

Severity levelImpact: HighImpact: MediumImpact: Low
Likelihood: HighCritical/High (Conditional)HighMedium
Likelihood: MediumHighMediumLow
Likelihood: LowMediumLowInformational

Critical severity:

  • If an attack can result in a profit of more than 1% of the TVL then this can be considered as a critical severity finding.
  • Please note there must be sufficient information and undeniable Proof of concept which should be easily verifiable for the loss amount for the finding to be considered Critical with absolutely no ambiguity.

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Documentation

Scope

This review concerns the v1.3.0 release of the EigenLayer contracts, introducing slashing of restaked assets.

We will be upgrading our existing mainnet contracts to the slashing release, so ensuring this upgrade is compatible with our existing contracts is very important.

Timeline

The slashing release is expected to go to mainnet in April, 2025. The current version of the contracts is already live on two separate Holesky environments.

Release: eigenlayer-contracts/releases/tag/v1.3.0

Mandatory POC Rule:

  • The mandatory POC rule applies to this competition.
    • All Critical/High/Medium findings require a valid coded POC before the end of the competition.

Out of Scope

  • The following known issues with v1.3.0 Pectra compatibility are out of scope, as we will be handling them in a separate release:
    • Proof sizes are changing; we do not support the new Pectra proofs in this scope
    • We do not support verifying validators with 0x02 withdrawal credentials, though it is possible for existing verified validators to be the target of consolidation outside of a pod, moving them to 0x02 credentials.
    • We do not support validator consolidation or execution layer triggered withdrawals
  • Test files
  • Tools and offchain components
  • Anything in /scripts/ folder ( eg: upgrade scripts)
  • Our current Holesky contracts are on a slightly stale version of Slashing. Because of the current state of Holesky.
  • All risks/edge cases mentioned in the above documentation are OOS

Previous Audits

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$2,500,000

7 Mar 2025 - 28 Mar 2025

Reviewing Escalations
Competition cover
Reviewing Escalations

Liquity / liquity-bold

Liquity v2 is a collateralized debt platform. Users can lock up WETH and/or select LSTs, and issue stablecoin tokens (BOLD) to their own Ethereum address. The individual collateralized debt positions are called Troves. The stablecoin tokens are economically geared towards maintaining value of 1 BOLD = $1 USD, due to the following properties:

  • The system is designed to always be over-collateralized - the dollar value of the locked collateral exceeds the dollar value of the issued stablecoins.
  • The stablecoins are fully redeemable - users can always swap x BOLD for $x worth of a mix of WETH and LSTs (minus fees), directly with the system.
  • The system incorporates an adaptive interest rate mechanism, managing the attractiveness and thus the demand for holding and borrowing the stablecoin in a market-driven way.

Upon opening a Trove by depositing a viable collateral ERC20, users may issue ("borrow") BOLD tokens such that the collateralization ratio of their Trove remains above the minimum collateral ratio (MCR) for their collateral branch. For example, for an MCR of 110%, a user with $10000 worth of WETH in a Trove can issue up to 9090.90 BOLD against it.

The BOLD tokens are freely exchangeable - any Ethereum address can send or receive BOLD tokens, whether it has an open Trove or not. The BOLD tokens are burned upon repayment of a Trove's debt.

The Liquity v2 system prices collateral via Chainlink oracles. When a Trove falls below the MCR, it is considered under-collateralized, and is vulnerable to liquidation.

Prize distribution and scoring

  • Total Prize Pool: $350,000

  • The prize distribution has 3 possible triggers:

    • If one or more valid critical severity findings are found, the total pot size is $350,000

    • If one or more valid high severity but no critical severity findings are found, the total pot size is $250,000

    • If one or more valid medium severity but no critical or high severity findings are found, the total pot size is $125,000

  • $7500 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

    • 1st: $3,650
    • 2nd: $1,825
    • 3rd: $1,095
    • 4th: $465
    • 5th: $465

Severity definition:

Risk Classification Matrix

Severity levelImpact: HighImpact: MediumImpact: Low
Likelihood: HighCritical/High (Conditional)HighMedium
Likelihood: MediumHighMediumLow
Likelihood: LowMediumLowInformational

Critical severity:

  • Critical severity is unlocked if a High severity finding results in losses from 10%-100% of the total TVL, using the split of Liquity V2 on mainnet as of 11 February 2025 (https://dune.com/liquity/liquity-v2).

  • Please note there must be sufficient information and undeniable Proof of concept which should be easily verifiable for the loss amount for the finding to be considered Critical with absolutely no ambiguity

  • Scoring described in the competition scoring page.

  • Findings Severities described in detail on our docs page.

Early Submission Incentive

To make sure the Liquity Protocol launch is completed on schedule, researchers are incentivized to submit Critical/High/Medium severity findings early, ie: as soon as one is found. The first valid submission will be rewarded an additional 20% reward, in comparison to its subsequent duplicates.

  • The finding must identify the root cause, highest valid impact and describe the finding with all the necessary details to consider it valid.
  • Please note that low quality or vague submissions or submissions that could be subject to interpretations will not be considered for the additional reward.
  • The escalation process will not apply for these rewards and there will be no discussion for these rewards. The decision made by the Judges/Liquity protocol team on these rewards will be final.
  • Example: If a finding has 5 duplicates.
    • Using regular each of the duplicates would get $2000 each
    • With the current incentive of 20%. The earliest valid submission gets $2307.72, and the rest of the duplicates get $1923.07 each.

Documentation

Scope

/contracts/src├── ActivePool.sol├── AddressesRegistry.sol├── BoldToken.sol├── BorrowerOperations.sol├── CollateralRegistry.sol├── CollSurplusPool.sol├── DefaultPool.sol├── Dependencies│   ├── AddRemoveManagers.sol│   ├── AggregatorV3Interface.sol│   ├── Constants.sol│   ├── LiquityBase.sol│   ├── LiquityMath.sol│   └── Ownable.sol├── GasPool.sol├── Interfaces│   ├── IActivePool.sol│   ├── IAddRemoveManagers.sol│   ├── IAddressesRegistry.sol│   ├── IBoldRewardsReceiver.sol│   ├── IBoldToken.sol│   ├── IBorrowerOperations.sol│   ├── ICollateralRegistry.sol│   ├── ICollSurplusPool.sol│   ├── ICommunityIssuance.sol│   ├── IDefaultPool.sol│   ├── IInterestRouter.sol│   ├── ILiquityBase.sol│   ├── ILQTYStaking.sol│   ├── ILQTYToken.sol│   ├── IMainnetPriceFeed.sol│   ├── IPriceFeed.sol│   ├── IRETHPriceFeed.sol│   ├── IRETHToken.sol│   ├── ISortedTroves.sol│   ├── IStabilityPoolEvents.sol│   ├── IStabilityPool.sol│   ├── ITroveEvents.sol│   ├── ITroveManager.sol│   ├── ITroveNFT.sol│   ├── IWETH.sol│   ├── IWSTETHPriceFeed.sol│   └── IWSTETH.sol├── PriceFeeds│   ├── CompositePriceFeed.sol│   ├── MainnetPriceFeedBase.sol│   ├── RETHPriceFeed.sol│   ├── WETHPriceFeed.sol│   └── WSTETHPriceFeed.sol├── SortedTroves.sol├── StabilityPool.sol├── TroveManager.sol├── TroveNFT.sol├── Types│   ├── BatchId.sol│   ├── LatestBatchData.sol│   ├── LatestTroveData.sol│   ├── TroveChange.sol│   └── TroveId.sol└── Zappers    ├── BaseZapper.sol    ├── GasCompZapper.sol    ├── Interfaces    │   ├── IExchange.sol    │   ├── IExchangeHelpers.sol    │   ├── IFlashLoanProvider.sol    │   ├── IFlashLoanReceiver.sol    │   └── ILeverageZapper.sol    │   └── IZapper.sol    ├── LeftoversSweep.sol    ├── LeverageLSTZapper.sol    ├── LeverageWETHZapper.sol    ├── Modules    │   ├── Exchanges    │   │   ├── HybridCurveUniV3Exchange.sol    │   │   └── HybridCurveUniV3ExchangeHelpers.sol    │   └── FlashLoans    │       ├── BalancerFlashLoan.sol    │       ├── Balancer    │           └── vault    │               ├── IFlashLoanRecipient.sol    │               └── IVault.sol    └── WETHZapper.sol
  • Commit: 3533291df7a0610bd32421e09f5fbd779e2a342e
  • Total LOC: 6535
Note

Since the code has already undergone multiple audits, we believe reviews of the more complex aspects of the system will be most fruitful. That is:

  • Trove batches and batch management logic
  • Individual and aggregate interest accrual
  • Stability Pool - liquidations and reward arithmetic
  • Redistribution liquidations

Build Instructions

  • Please refer to the README of github repo for instructions
  • In the branch testing-sp there’s a permissionless version of the StabilityPool, which can be called directly without needing to open troves. It can be useful for fuzzing or testing mathematical properties. An example of use can be found in test/spPermissionless.t.sol

POC Rule

  • Mandatory POC rule applies for this competition

Out of scope

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$350,000

21 Mar 2025 - 27 Apr 2025

Reviewing Escalations
Competition cover
Reviewing Escalations

optimism-java / optimism-java

Hildr implements the OP Stack consensus client, with core functionalities developed according to the Rollup Node spec, essentially equivalent to the op-node (excluding the sequencer) functionalities.

Op-besu implements the OP Stack execution client, with core functionalities developed according to the Execution Engine spec, essentially equivalent to the op-geth functionalities.

Prize distribution and scoring

  • Total Prize Pool: 117,362 OP Tokens

  • Primary Prize Pool: 111,362 OP Tokens

  • 6000 OP tokens is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

    • 1st: 3000 OP
    • 2nd: 1500 OP
    • 3rd: 800 OP
    • 4th: 350 OP
    • 5th: 350 OP

  • Scoring described in the competition scoring page.

  • Findings Severities described in detail on our docs page.

Severity definitions

In addition to the standard severity matrix that applies to the findings below are the categories that the findings may classify into:

  • High Severity: Violation of the OP Stack protocol leading to chain forks, as well as serious security issues causing the program to be controlled, or serious performance issues causing the program to fail to operate normally
  • Medium Severity: General performance issues lead to slow program execution, which will not cause deviations in protocol implementation that result in chain forks, and lower-level security issues.
  • Low Severity & Informational: Errors in documentation comments or test code, and optimizable code that does not affect functionality and performance

Documentation

  • Op-besu is a fork of Hyperledger Besu, you could read the document here. And we have a fork diff site, you can read what codes we modified.

Hildr Directory Overview:

  • cli: Command line interface features.
  • config: Configuration file parsing features.
  • derive: Features related to OP Stack derivation.
  • driver: Polling L1 and triggering derivation features.
  • engine: Execution engine interaction features.
  • exceptions: Definitions for various exceptions.
  • l1: Features related to polling L1.
  • network: P2P unsafe block features.
  • rpc: Rollup node RPC interface features.
  • runner: Main program entry point.
  • telemetry: Metrics and telemetry features.
  • types: Data class features.
  • utilities: Helper class features.
  • Hildr: Main method entry point.

Scope

Hildr

op-besu

Build Instructions

  • Op-besu: you could read the doc here or Hyperledger Besu doc .
  • Hildr: you could read the doc here or readme.

Basic POC Test:

  • Op-besu: All the unit tests or integration tests can be referenced. You can find them in the test source dir. For Example.
  • Hildr: All the unit tests can be referenced. You can find them in the test source dir. For Example.

Out of scope

  • Op-besu is a fork of Hyperledger Besu, we only modified around 4k LOC, you could read the fork diff site , only code that affects the op-besu functionality is considered within scope, other things are considered out of scope
  • Hildr currently only implements the verifier function and does not implement the sequencer function. The sequencer part of the code is not fully implemented and is not within the scope.

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

117,362 OP

7 Oct 2024 - 28 Oct 2024

Reviewing Escalations
Competition cover
Reviewing Escalations

Velvet Capital / velvet-v4

Velvet.Capital is an Intent Operating System for DeFi which aims to streamline onchain portfolio management.

Prize Distribution and Scoring

  • Total Prize Pool: $60,000

  • Additional pay for dedicated Cantina researcher: $40,000

  • Primary Prize Pool: $57,000

  • $3,000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

    • 1st: $1000
    • 2nd: $700
    • 3rd: $500
    • 4th: $400
    • 5th: $400

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Documentation

Scope

Build Instructions

  • Build instructions are provided in README

Basic POC Test

  • POC rule applies for this competition. A coded POC must be provided for all H/M findings before end of competition.

Out of scope

Important

The following findings have been fixed publicly by the team during the competition. These would be considered out of scope if submitted after the fixes were made.

  • Out of scope Folders:
    • contracts/front-end-helpers
    • contracts/mock
    • tasks
    • scripts

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$60,000

19 Feb 2025 - 9 Apr 2025

Reviewing Escalations
Private competition cover
Reviewing Escalations

Invite-only Competition

This is a private competition. Only Cantina Fellowship members are invited to participate. Find out more about joining the Fellowship here.

$40,000

4 Apr 2025 - 24 Apr 2025

Reviewing Escalations
Competition cover
Reviewing Escalations

Metropolis / liquidity-book-vaults

Maker Vault Code Introduction: Maker Vaults are fully on-chain, non-custodial smart contracts that deploy and manage liquidity into DLMM pools. Managed by wallets, these vaults simplify liquidity provisioning while ensuring transparency.

Core Features:

  • Open for All: Create and manage an own vault with a one-time creation fee of 400 $S.
  • 1-Click Participation: Users can join existing vaults effortlessly, eliminating the complexity of adjusting positions to market volatility.
  • Earnings for Vault Operators: Vault operators set an AUM fee (0.5%–10%) for their services.
  • Earnings for Vault Participants: Vault participants earn all the trading fees and farming rewards. Trading Fees are auto-compounded and rewards like Metro need to be claimed.

Vault operators have full control to adjust DLMM positions and use the built-in reserve to strategically park unallocated funds. However, they never have direct access to the funds themselves, which are held by the smart contract.

Prize distribution and scoring

  • Total Public Pool: $25,000
  • Additional pay for dedicated Cantina researcher: $7,000

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Documentation

Scope

Build Instructions

  • Download the repository from here
  • Install the libraries: 
    • forge install --no-git wighawag/clones-with-immutable-args@32ae0a3 \ foundry-rs/forge-std@5086c7a \ traderjoe-xyz/joe-v2@0e422c2 \ traderjoe-xyz/joe-v2-periphery@3bc079c \ OpenZeppelin/openzeppelin-contracts@d00acef \ OpenZeppelin/openzeppelin-contracts-upgradeable@f6c4c9c
  • forge build

Basic POC Test

Mandatory rule applies for this competition

  • test/01_PoC.t.sol

Out of scope

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

$25,000

2 Apr 2025 - 20 Apr 2025

Reviewing Escalations
Competition cover
Reviewing Escalations

Gamma Strategies / gamma-univ4-limit-orders

A comprehensive limit order system for Uniswap v4 pools, enabling limit orders and scale orders with keeper functionality and fee management.

Prize distribution and scoring

  • Total Prize Pool: 20,000 OP

Additional pay for dedicated Cantina Fellow: 3,400 OP

Documentation

  • Documentation is provided in the README here

Scope

  • Repository: https://cantina.xyz/code/aaf79192-6ea7-4b1e-aed7-3d23212dd0f1
  • Total LOC: ~1810
  • Files:
    • Everything in /src EXCEPT for LimitOrderLens.sol
      • LimitOrderManager.sol → main contract
      • LimitOrderHook.sol → hook contract
      • PositionManagement.sol → library
      • TickLibrary.sol → library
      • CurrencySettler.sol → library
      • CallbackHandler.sol → library
      • ILimitOrderManager.sol → interface

Build Instructions

  • Please refer the Setup Instructions in the README

Basic POC Test

  • Mandatory POC applies for this competition
  • Please see all tests in the test directory and look at the setup and tests. Foundry tests would be preferred.

Out of scope

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

20,000 OP

28 Apr 2025 - 5 May 2025

Reviewing Escalations