Innovative and familiar platform for competitive code review. Reduces the friction from discovery to submission, from judging to payout.
Aave v3 is a liquidity protocol running on multiple EVM-compatible networks, where user can supply and borrow liquidity.
The v3.1 version target of this competition is an upgrade of the implementation smart contracts of Aave v3, focusing on improving its security and different operational aspects. More extensive information about Aave v3.1 can be found on the Aave governance forum HERE.
Total Prize Pool $150,000
Repository: github.com/aave-dao/aave-v3-origin Commit: 38e7cfb49069837fae99750d8db37f19735fedd7
Repository: github.com/bgd-labs/protocol-v3.1-upgrade Commit: a80a0fb843e4aef524bad5acd8185a470d5d712f
Only the logic affected by the 3.1 code changes is in-scope. However, unintended consequences of these changes on other logic of Aave v3 core contracts eligible for prizes on the contest.
For a more clear overview of the exact changes between Aave v3 and Aave v3.1, we recommend to check the diff files on the codebase included HERE.
The 2 repositories in scope contain instructions to setup the project and run tests:
Both are standard Foundry-based repositories.
For tests/PoC on a local test environment with a clean deployment of Aave v3.1, a basic template can be found on https://github.com/aave-dao/aave-v3-origin/blob/main/tests/template/BaseTest.t.sol
To do any tests/PoC based on 3.1 being applied in production, a basic template can be found on https://github.com/bgd-labs/protocol-v3.1-upgrade/blob/main/tests/template/EthereumBaseTest.t.sol
POOL_ADMIN
role passing wrong parameters.For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
150,000 GHO
10 May 2024 - 20 May 2024
Curvance is a cross-chain money market for yield bearing assets. Maximize yield while leveraging the full value of your assets. Curvance simplifies DeFi, with a modular system capable of creating complex strategies for users in a single click.
Curvance operates as a hybrid model between a yield optimizer and a cross-margin money market. This model has various characteristics atypical for incumbent money markets such as:
The "contracts" folder contains all the smart contracts you will be auditing, excluding:
Two solady contracts developed by Vectorized have been included in the audit as we are huge advocates for highly optimized versions of common contract formats and would like to see these fully audited. This means the partial FixedPointMathLib contract, and ERC4626 contracts inside the library folder are intentionally included, and are considered in scope.
File | blank | comment | code |
---|---|---|---|
Architecture | |||
./architecture/CentralRegistry.sol | 226 | 444 | 607 |
./architecture/FeeAccumulator.sol | 122 | 202 | 536 |
./architecture/ProtocolMessagingHub.sol | 73 | 142 | 353 |
./architecture/blastNative/BlastNativeYieldManager.sol | 82 | 132 | 292 |
./architecture/utils/SimpleRewardZapper.sol | 86 | 157 | 240 |
./architecture/FeeTokenBridgingHub.sol | 36 | 41 | 166 |
./architecture/CVELocker.sol | 87 | 225 | 360 |
./architecture/OneBalanceFeeManager.sol | 34 | 36 | 103 |
./architecture/CurvanceDAOTimelock.sol | 14 | 14 | 52 |
./architecture/blastNative/BlastCentralRegistry.sol | 28 | 44 | 83 |
./architecture/blastNative/BlastFeeAccumulator.sol | 5 | 2 | 12 |
./architecture/utils/blastNative/BlastSimpleRewardZapper.sol | 5 | 2 | 12 |
./architecture/blastNative/BlastProtocolMessagingHub.sol | 5 | 2 | 10 |
./architecture/blastNative/BlastCVELocker.sol | 5 | 2 | 9 |
Gauge | |||
./gauge/GaugePool.sol | 102 | 197 | 425 |
./gauge/GaugeController.sol | 32 | 49 | 116 |
./gauge/GaugeErrors.sol | 1 | 1 | 12 |
./gauge/blastNative/BlastGaugePool.sol | 5 | 2 | 10 |
Interfaces | |||
./interfaces/market/IMarketManager.sol | 25 | 116 | 90 |
./interfaces/ICentralRegistry.sol | 48 | 63 | 78 |
./interfaces/market/IMToken.sol | 25 | 102 | 53 |
./interfaces/IVeCVE.sol | 11 | 39 | 36 |
./interfaces/ICVELocker.sol | 14 | 65 | 31 |
./interfaces/market/IInterestRateModel.sol | 1 | 32 | 30 |
./interfaces/IProtocolMessagingHub.sol | 7 | 34 | 26 |
./interfaces/IERC20.sol | 14 | 32 | 25 |
./interfaces/IGaugePool.sol | 5 | 27 | 25 |
./interfaces/IOracleRouter.sol | 7 | 45 | 25 |
./interfaces/blast/IBlastNativeYieldManager.sol | 1 | 27 | 22 |
./interfaces/market/IPositionFolding.sol | 2 | 22 | 15 |
./interfaces/IOracleAdaptor.sol | 3 | 17 | 14 |
./interfaces/IRewardStaking.sol | 11 | 1 | 14 |
./interfaces/IFeeAccumulator.sol | 2 | 4 | 12 |
./interfaces/ICVXLocker.sol | 3 | 4 | 10 |
./interfaces/IGelatoOneBalance.sol | 2 | 1 | 9 |
./interfaces/ICVE.sol | 5 | 21 | 8 |
./interfaces/IExternalCallDataChecker.sol | 2 | 7 | 8 |
./interfaces/IERC20Metadata.sol | 5 | 5 | 7 |
./interfaces/IDelegateRegistry.sol | 3 | 1 | 6 |
./interfaces/IWETH.sol | 2 | 1 | 5 |
./interfaces/blast/IBlastCentralRegistry.sol | 2 | 1 | 5 |
./interfaces/IERC165.sol | 1 | 18 | 4 |
./interfaces/ITimelock.sol | 1 | 3 | 4 |
Libraries | |||
./libraries/ERC4626.sol | 51 | 260 | 216 |
./libraries/VelodromeLib.sol | 37 | 69 | 199 |
./libraries/CurveLib.sol | 22 | 35 | 123 |
./libraries/BalancerLib.sol | 15 | 30 | 104 |
./libraries/SwapperLib.sol | 27 | 49 | 104 |
./libraries/Delegable.sol | 23 | 55 | 66 |
./libraries/FixedPointMathLib.sol | 23 | 83 | 93 |
./libraries/Bytes32Helper.sol | 13 | 19 | 31 |
./libraries/ReentrancyGuard.sol | 7 | 21 | 27 |
./libraries/BlastYieldDelegable.sol | 7 | 12 | 23 |
./libraries/CommonLib.sol | 5 | 8 | 15 |
./libraries/Constants.sol | 7 | 7 | 7 |
Market | |||
./market/MarketManager.sol | 207 | 587 | 926 |
./market/collateral/DToken.sol | 192 | 507 | 731 |
./market/utils/ComplexZapper.sol | 73 | 289 | 478 |
./market/collateral/CTokenBase.sol | 103 | 389 | 459 |
./market/LiquidityManager.sol | 60 | 268 | 445 |
./market/DynamicInterestRateModel.sol | 85 | 408 | 444 |
./market/collateral/CTokenCompounding.sol | 96 | 274 | 398 |
./market/utils/PositionFolding.sol | 85 | 203 | 361 |
./market/collateral/AuraCToken.sol | 61 | 80 | 217 |
./market/collateral/GMCToken.sol | 65 | 67 | 205 |
./market/utils/SimpleZapper.sol | 50 | 98 | 202 |
./market/collateral/Convex2PoolCToken.sol | 62 | 72 | 189 |
./market/collateral/Convex3PoolCToken.sol | 62 | 72 | 189 |
./market/collateral/CTokenPrimitive.sol | 48 | 130 | 186 |
./market/collateral/PendleLPCToken.sol | 48 | 62 | 182 |
./market/checker/CallDataCheckerFor1Inch.sol | 27 | 10 | 164 |
./market/collateral/AerodromeStableCToken.sol | 44 | 64 | 156 |
./market/collateral/VelodromeStableCToken.sol | 44 | 63 | 156 |
./market/collateral/AerodromeVolatileCToken.sol | 42 | 63 | 153 |
./market/collateral/VelodromeVolatileCToken.sol | 44 | 54 | 153 |
./market/collateral/StakedGMXCToken.sol | 37 | 38 | 100 |
./market/checker/CallDataCheckerBase.sol | 20 | 34 | 75 |
./market/collateral/CTokenCompoundingWithExitFee.sol | 23 | 57 | 47 |
./market/collateral/blastNative/BlastCTokenCompounding.sol | 13 | 15 | 41 |
./market/utils/BorrowZapper.sol | 15 | 17 | 49 |
./market/collateral/blastNative/BlastDToken.sol | 5 | 2 | 16 |
./market/utils/blastNative/BlastComplexZapper.sol | 5 | 2 | 14 |
./market/utils/blastNative/BlastSimpleZapper.sol | 5 | 2 | 14 |
./market/blastNative/BlastMarketManager.sol | 5 | 2 | 12 |
./market/utils/blastNative/BlastPositionFolding.sol | 5 | 2 | 12 |
./market/utils/blastNative/BlastBorrowZapper.sol | 5 | 2 | 10 |
Misc | |||
./misc/CVEInitialDistribution.sol | 49 | 68 | 196 |
./misc/CurvanceDAOLBP.sol | 56 | 66 | 189 |
Oracles | |||
./oracles/OracleRouter.sol | 133 | 374 | 497 |
./oracles/adaptors/curve/Curve2PoolLPAdaptor.sol | 59 | 124 | 234 |
./oracles/adaptors/gmx/GMAdaptor.sol | 56 | 73 | 173 |
./oracles/adaptors/chainlink/ChainlinkAdaptor.sol | 50 | 100 | 165 |
./oracles/adaptors/uniswap/UniswapV3Adaptor.sol | 48 | 70 | 155 |
./oracles/adaptors/api3/Api3Adaptor.sol | 47 | 87 | 142 |
./oracles/adaptors/redstone/BaseRedstoneCoreAdaptor.sol | 44 | 95 | 132 |
./oracles/adaptors/uniV2Base/BaseStableLPAdaptor.sol | 33 | 79 | 127 |
./oracles/adaptors/balancer/BalancerStablePoolAdaptor.sol | 42 | 60 | 123 |
./oracles/adaptors/pendle/PendlePrincipalTokenAdaptor.sol | 42 | 62 | 119 |
./oracles/adaptors/pendle/PendleLPTokenAdaptor.sol | 41 | 63 | 118 |
./oracles/adaptors/uniV2Base/BaseVolatileLPAdaptor.sol | 32 | 71 | 99 |
./oracles/adaptors/wrappedAggregators/BaseWrappedAggregator.sol | 22 | 32 | 88 |
./oracles/adaptors/curve/CurveBaseAdaptor.sol | 24 | 29 | 66 |
./oracles/adaptors/redstone/ArbitrumRedstoneCoreAdaptor.sol | 12 | 11 | 20 |
./oracles/adaptors/redstone/EthereumRedstoneCoreAdaptor.sol | 12 | 11 | 20 |
./oracles/adaptors/wrappedAggregators/SavingsDaiAggregator.sol | 6 | 7 | 25 |
./oracles/adaptors/wrappedAggregators/StakedFraxAggregator.sol | 7 | 7 | 24 |
./oracles/adaptors/wrappedAggregators/WstETHAggregator.sol | 7 | 6 | 24 |
./oracles/adaptors/velodrome/VelodromeVolatileLPAdaptor.sol | 15 | 15 | 40 |
./oracles/adaptors/camelot/CamelotStableLPAdaptor.sol | 15 | 15 | 36 |
./oracles/adaptors/camelot/CamelotVolatileLPAdaptor.sol | 15 | 15 | 36 |
./oracles/adaptors/velodrome/VelodromeStableLPAdaptor.sol | 15 | 15 | 36 |
./oracles/adaptors/balancer/BalancerBaseAdaptor.sol | 15 | 46 | 29 |
./oracles/adaptors/BaseOracleAdaptor.sol | 19 | 30 | 40 |
Token | |||
./token/VeCVE.sol | 191 | 471 | 784 |
./token/OCVE.sol | 55 | 57 | 184 |
./token/CVE.sol | 53 | 81 | 156 |
./token/ChildCVE.sol | 27 | 39 | 86 |
./token/blastNative/BlastCVE.sol | 5 | 2 | 8 |
./token/blastNative/BlastVeCVE.sol | 5 | 2 | 8 |
SUM: | 4333 | 9363 | 16120 |
The project readme details the build instructions.
From the CANTINA_README:
### Tests
Attached in this repo you will find just over 1,000 tests in categories such as unit tests/integration tests/stateless fuzzing tests. Additionally, you will also find a substantial stateful fuzzing testing harness with just over 200 invariants tests. This was built in collaboration with Trail of Bits and covers VeCVE and most of the Curvance Money Markets. You can also find an attached readme in the fuzzing suite folder covering running the harness locally or in the cloud. Other tests can be ran simply via forge tests. Additional information on running the test suite can be found in the repo readme.
### Proof of Concepts
As part of the test suite inside Curvance, you will find many testing base contracts that set up Curvance and test various functionality. These are perfect to utilize when you want to work on a proof on concept for a bug. Feel free to mess around with test suite and to modify the testing deployments for whichever scenarios you would like to explore.
For any issues or concerns regarding this competition, please reach out to core-team on discord.
$375,000 USDC
27 Feb 2024 - 15 Apr 2024
OP Labs has developed Safe Modules and a Safe Guard for use on the Security Council safe which is involved in upgrades to OP Mainnet and other chains in the Superchain.
These modules and guard provide additional security guarantees and add functionality to the Safe contract used by the Security Council, but are absolutely safety critical to ensure the ability to continue upgrading the system.
Total Prize Pool $75,000
The modules and guard of the Security Council Safe are outlined in the specs: security-council-safe.md.
This contest is focused on extensions to the Safe contracts, which control upgrades to OP Mainnet and other OP Chains.
We are particularly interested in identifying any attacks which could either:
A more thorough list of security properties is outlined in the specs linked to above.
Any inaccuracies in the Specs would be considered as a low finding.
Two possible configurations are being considered. Issues in either configuration are welcome.
The first configuration is as currently deployed to Sepolia.
The second configuration adds a Guardian safe which is a 1 of 1 controlled by the Security Council Safe. This configuration reduces the impact of a flaw in the DeputyGuardianModule which might somehow brick, or allow privilege escalation of, the Security Council Safe. In that event, an upgrade could be used to update the Guardian role.
The full suite of contracts can be built and tested with the following:
cd packages/contracts-bedrock
pnpm install
pnpm build
pnpm test
The ideal PoC would be based on a minimal modification of one of the existing relevant test files located in packages/contracts-bedrock/test/Safe
.
Note that any attacks which require a threshold of signers are out of scope.
$75,000 USDC
6 May 2024 - 10 May 2024
Welcome security researchers to the largest competition in history with Blast! Blast is an L2 for the Ethereum ecosystem introducing native yield for ETH and stablecoins.
Say goodbye to flipping tabs, using Discord, copying Github links, and the nuisances of the competition experience of the past and hello to...
Cantina Code. The ultimate code review experience built by security researchers for security researchers. It is our pleasure to have you - we hope you choose to stick around 🪐
Users transact in ETH. Dapps are built around ETH. Blast was designed from the ground up so that ETH itself is natively rebasing on the L2.
Blast only became possible this year following Ethereum's Shanghai upgrade. ETH yield from L1 staking, initially Lido, is automatically transferred to users via rebasing ETH on the L2.
Users who bridge stablecoins receive USDB, Blast's auto-rebasing stablecoin. The yield for USDB comes from MakerDAO's on-chain T-Bill protocol. USDB can be redeemed for USDC when bridging back to Ethereum.
Visit the blast.io for a complete project overview.
Check out the previously recorded code read through for the competition:
Blast Competition Live Code Walkthrough LINK TBD.
See the diff against ea28fd1a46e71f207954d60524bd82ee1df61235 which represents upstream to see our unique changes on the OP stack here.
Folder | File(s) |
---|---|
blast-optimism | packages/contracts-bedrock/src/L1/OptimismPortal.sol |
blast-optimism | packages/contracts-bedrock/src/L1/L1StandardBridge.sol |
blast-optimism | packages/contracts-bedrock/src/L1/L1CrossDomainMessenger.sol |
blast-optimism | packages/contracts-bedrock/src/L1/ResourceMetering.sol |
blast-optimism | packages/contracts-bedrock/src/L2/L2StandardBridge.sol |
blast-optimism | packages/contracts-bedrock/src/L2/L2CrossDomainMessenger.sol |
blast-optimism | packages/contracts-bedrock/src/L2/ERC20Rebasing.sol |
blast-optimism | packages/contracts-bedrock/src/L2/WETHRebasing.sol |
blast-optimism | packages/contracts-bedrock/src/L2/USDB.sol |
blast-optimism | packages/contracts-bedrock/src/L2/Shares.sol |
blast-optimism | packages/contracts-bedrock/src/L2/Gas.sol |
blast-optimism | packages/contracts-bedrock/src/L2/Blast.sol |
blast-optimism | packages/contracts-bedrock/src/mainnet-bridge/* |
blast-optimism | packages/contracts-bedrock/scripts/Deploy.s.sol |
blast-optimism | packages/contracts-bedrock/src/libraries/Predeploys.sol |
blast-optimism | op-chain-ops/* |
blast-geth | * , excluding *_test.go , ./tests/* , gen_*.go |
Folder | File(s) |
---|---|
blast-optimism | packages/contracts-bedrock/src/mainnet-bridge/yield-providers/TestnetYieldProvider.sol |
blast-optimism | packages/contracts-bedrock/src/mainnet-bridge/yield-providers/ETHTestnetYieldProvider.sol |
blast-optimism | packages/contracts-bedrock/src/mainnet-bridge/yield-providers/USDTestnetYieldProvider.sol |
Any acknowledged / won't fix findings on the previously published reviews will be considered out of scope.
Findings noted as fixed, that in fact are not fixed, or introduce new issues, are considered in scope:
All Informational findings are acknowledged. The remaining are noted below:
Blast team notes there is sufficient overlap with other already noted fixed or out of scope items.
Automated findings from 4naly3er.
Errors Tests, Mocks, Documentation files are considered out of scope. The exception being where implementation code does not adhere to spec (i.e. implementation errors in scope vs docs typos out of scope).
The following categories of issues are out of scope for this competition.
MiloTruck has put together a fantastic compilation of intro resources for understanding Blast at a base-level here.
Running Blast locally (against a local L1)
For any issues or concerns regarding Cantina Competitions or Cantina Code - please reach out to us at Cantina.
$1,200,000 USDC
30 Jan 2024 - 20 Feb 2024
Goat.Tech is a social-financial game, where users play by mainly staking ETH in each other’s “Trust Pool” to earn 10 types of rewards, increase reputation (Trust Score), and find out who’s the GOAT (highest Trust Score). Trust Score is fully on-chain; can be used to attract, assess, and target Web3 prospects. Who needs? KOLs, founders, investors, and more.
The contracts will be deployed on Arbitrum One. While we make sure that even devteam cannot touch users’ locked funds in the Locker contracts, we maintain a certain level of centralization in order to intervene when there are bugs or exploits or urgent needs to upgrade contracts. The Controller contract contains core logic and can be upgraded. Despite a certain level of centralization, it’s impossible for the development team to access users’ locked funds in Locker contracts.
There are 2 roles - owner and admin. All contracts have the same owner address. Owner can change admin addresses. In our case, admin addresses are internal contract addresses, not EOAs, so that only internal contracts can call each other. The natural process of software stability takes time and iteration. We’re committed to removing upgradability from our smart contracts, but this process must first run its course.
Total Prize Pool $ 80,000
ab6e96370ea6cf823ec1ac268521722b0e1f2d35
fb43992f33066f264ad12cc86c954f7f6f9c710a
Build Goat.Tech with Solidity 0.8.8
There are 8 contract files in the "Contracts" folder
There are 10 contract files in the "Modules" folder, which are repeatedly used code (to prevent code duplication)
In order to deploy all contracts —> please use scripts prepared here:
From 18 contract files above, 21 contracts have been successfully deployed on Sepolia Arbitrum testnet. The Dapp is live on Arb.Goat.Tech
Some of these contracts use the same code, for example DCT_earning and ETH_earning use earning.sol, the xxx_dtoken contracts use dtoken.sol, and the xxx_distributor contracts use distributor.sol.
POOL_FACTORY: '0x8e0caee3d94d5497744e2db30eec2d222739df6d': When a pool is created, a P2U_dtoken for that pool will also be deployed; when a user stake in this pool, it will receive this P2U dtoken which represents its Staking Power in this pool (its share of all rewards received through this pool).
CONTROLLER: '0xb4e5f0b2885f09fd5a078d86e94e5d2e4b8530a7'
PROFILE: '0x7c25c3edd4576b78b4f8aa1128320ae3d7204bec'
DCT_EARNING: '0xecc07bf95d53268d9204ec58788c4df067ce075c': stores and calculate user earning in $GOAT.
ETH_EARNING: '0xf7a08a0728c583075852be8b67e47dceb5c71d48': stores and calculate user earning in ETH.
ETH_LOCKER: '0x0265850fe8a0615260a1008e1c1df01db394e74a': stores locked ETH.
DCT_LOCKER: '0x1033d5f886aef22ffadebf5f8c34088030bb80f3': stores locked $GOAT.
E_P2P_DTOKEN: '0x8b64439a617bb1e85f83b97ea779edef49b9dcb2': a pool owner earns Ep2p dtoken when ETH is staked in its pool; this dtoken balance is called the Trust Score.
D_P2P_DTOKEN: '0x72835409b8b49d83d8a710e67c906ae313d22860': a user earns Dp2p dtoken when staking $GOAT in its own pool; this dtoken balance is called Boost-Vote Power (because it's used to Boost one's Trust Score, and Vote on Challenges); this dtoken represents all $GOAT stakers.
DCT: '0x5bfe38c9f309aed44daa035abf69c80786355136': $GOAT token.
VOTING: '0x896604b21c6e9cbce82e096266dcb5798cdda67b'
E_DP2P_DISTRIBUTOR: '0x6df03a30c6f428b88c2bc9cb150d752935d971d0': airdrop/distribute ETH rewards to all Dp2p dtoken holders ($GOAT stakers) pro-rata.
D_DP2P_DISTRIBUTOR: '0xb087427ba44ed71a40ac80b86e41420b7fb595ec': airdrop/distribute $GOAT rewards to all Dp2p dtoken holders ($GOAT stakers) pro-rata.
MULTICALL: '0xea4172c0033e6e90db9d2ee6e56cd27889ff09c3'
D_P2P_DISTRIBUTOR: '0x88185cd296fd85169ee6152728daaef5fcca9c0a': distribute $GOAT (Mining Reward) in 2 steps - to all pools based pool owners' Trust Score (Ep2p dtoken balance) pro-rata, and then to all stakers in each pool based on each staker's Staking Power (P2U dtoken) in that particular pool pro-rata.
GLOBAL_ACCESS: '0x588cf1494c5ac93796134e5e1827f58d2a8a9cdb'
DEV_TEAM_DTOKEN: '0x03340c677ae7d887e8c4bd57e2fac10c75c479df': dtoken for Protocol Revenue.
DEV_TEAM_DISTRIBUTOR: '0xa42901fc3a89cd2f3ac97b43cf5069b4ef51f40a': distribute ETH Protocol Revenue pro-rata.
PRIVATE_VESTER: '0x484a42a88eb7f673ec3f688ebb17bfa2341ab562'
DCT_VESTER: '0xcbc65770b01bf12f7ccf8ce25adce9c807510976'
ETH_SHARING: '0xe8330ece50934eac7457a712f9079d7775b04c9a'
How to feed Goat.Tech Trust Score On-Chain:
const pool = await ContractPoolFactory.methods.getPool("0x1c60244959213ba28610dd0702bb50cc98328e75").call()
const dctDistributor = pool.dctDistributor;
const trustScore = await ContractEP2PDToken.methods.balanceOf(dctDistributor).call()
For any issues or concerns regarding this competition, please reach out to core-team on discord.
$80,000 USDC
19 Mar 2024 - 8 Apr 2024
Morpho Labs has teamed up with Cantina for the inaugural public security review competition hosted on their new platform by security researchers for security researchers. The competition will run two codebases in parallel: Metamorpho & Morpho Blue.
Competition at a Glance
Morpho Blue and MetaMorpho form part of the vision to rebuild decentralized lending in layers, with MetaMorpho enabling any lending experience to be rebuilt on a shared and immutable base layer: Morpho Blue.
Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model.
Visit the docs for a complete project overview.
The prize distribution works as follows:
Severity level | Impact: High | Impact: Medium | Impact: low |
---|---|---|---|
Likelihood:High | High | High | Medium |
Likelihood:Medium | High | Medium | Low |
Likelihood:Low | Medium | Low | Low |
Check out the previously recorded read through of the repos for both competitions:
Morpho Competition Live Code Walkthrough on twitter.
src
except the mocks
folderFile | blank | comment | code |
---|---|---|---|
src/Morpho.sol | 129 | 72 | 325 |
src/interfaces/IMorpho.sol | 33 | 167 | 111 |
src/libraries/periphery/MorphoBalancesLib.sol | 17 | 21 | 82 |
src/libraries/periphery/MorphoStorageLib.sol | 24 | 9 | 76 |
src/libraries/EventsLib.sol | 18 | 82 | 47 |
src/libraries/periphery/MorphoLib.sol | 11 | 6 | 46 |
src/libraries/ErrorsLib.sol | 23 | 28 | 26 |
src/libraries/MathLib.sol | 8 | 12 | 25 |
src/libraries/UtilsLib.sol | 5 | 10 | 23 |
src/libraries/SafeTransferLib.sol | 5 | 9 | 21 |
src/libraries/SharesMathLib.sol | 8 | 15 | 19 |
src/interfaces/IMorphoCallbacks.sol | 5 | 31 | 16 |
src/libraries/MarketParamsLib.sol | 3 | 8 | 10 |
src/libraries/ConstantsLib.sol | 6 | 7 | 8 |
src/interfaces/IIrm.sol | 3 | 9 | 6 |
src/interfaces/IOracle.sol | 1 | 10 | 4 |
src/interfaces/IERC20.sol | 1 | 6 | 2 |
SUM: | 300 | 502 | 847 |
Any findings on the previous review from OpenZeppelin / Cantina Managed review will be considered out of scope.
Automated findings from 4naly3er.
For any issues or concerns regarding Cantina Competitions or Cantina Code - please reach out to us at Cantina.
$100,000 USDC
13 Nov 2023 - 4 Dec 2023
Morpho Labs has teamed up with Cantina for the inaugural public security review competition hosted on their new platform by security researchers for security researchers.
The competition at a glance:
Morpho Blue and MetaMorpho form part of the vision to rebuild decentralized lending in layers, with MetaMorpho enabling any lending experience to be rebuilt on a shared and immutable base layer: Morpho Blue.
Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model.
MetaMorpho is a protocol for lending vaults built on Morpho Blue. Anyone can create a vault that allocates to multiple Morpho Blue markets. Each vault is curated to provide suppliers with tailored risk exposures, better yields, and greater transparency.
Visit the docs for a complete project overview.
The prize distribution works as follows:
Check out the previously recorded read through of the repos for both competitions on cantina twitter.
src
File | blank | comment | code |
---|---|---|---|
src/SpeedJumpIrm.sol | 27 | 45 | 87 |
src/libraries/MathLib.sol | 10 | 16 | 29 |
src/libraries/ErrorsLib.sol | 6 | 11 | 9 |
src/libraries/UtilsLib.sol | 1 | 9 | 9 |
SUM: | 44 | 81 | 134 |
src
File | blank | comment | code |
---|---|---|---|
src/ChainlinkOracle.sol | 9 | 46 | 46 |
src/libraries/ChainlinkDataFeedLib.sol | 7 | 13 | 15 |
src/interfaces/AggregatorV3Interface.sol | 5 | 3 | 14 |
src/libraries/VaultLib.sol | 3 | 7 | 8 |
src/libraries/ErrorsLib.sol | 2 | 7 | 5 |
src/interfaces/IERC4626.sol | 1 | 4 | 4 |
SUM: | 27 | 77 | 92 |
src
except the mocks
folderFile | blank | comment | code |
---|---|---|---|
src/MetaMorpho.sol | 202 | 183 | 477 |
src/interfaces/IMetaMorpho.sol | 17 | 11 | 65 |
src/libraries/EventsLib.sol | 22 | 34 | 37 |
src/MetaMorphoFactory.sol | 13 | 20 | 26 |
src/libraries/ErrorsLib.sol | 21 | 26 | 24 |
src/libraries/ConstantsLib.sol | 5 | 10 | 8 |
src/interfaces/IMorphoMarketParams.sol | 2 | 1 | 5 |
SUM: | 282 | 285 | 642 |
src
except the mocks
and goerli
foldersFile | blank | comment | code |
---|---|---|---|
src/migration/interfaces/IAaveV3.sol | 41 | 356 | 126 |
src/MorphoBundler.sol | 39 | 84 | 112 |
src/migration/interfaces/IAaveV2.sol | 24 | 157 | 80 |
src/migration/interfaces/IAaveV30ptimizer.sol | 12 | 3 | 72 |
src/ERC4626Bundler.sol | 27 | 45 | 47 |
src/migration/CompoundV3MigrationBundler.sol | 16 | 38 | 41 |
src/migration/interfaces/ICompoundV3.sol | 16 | 1 | 36 |
src/migration/AaveV30ptimizerMigrationBundler.sol | 15 | 42 | 35 |
src/migration/CompoundV2MigrationBundler.sol | 20 | 28 | 34 |
src/StEthBundler.sol | 20 | 26 | 33 |
src/BaseBundler.sol | 17 | 26 | 32 |
src/TransferBundler.sol | 15 | 26 | 28 |
src/WNativeBundler.sol | 17 | 24 | 26 |
src/interfaces/IWstEth.sol | 2 | 1 | 25 |
src/UrdBundler.sol | 5 | 14 | 22 |
src/ethereum/EthereumBundler.sol | 4 | 6 | 22 |
src/Permit2Bundler.sol | 8 | 13 | 20 |
src/migration/AaveV2MigrationBundler.sol | 13 | 25 | 20 |
src/migration/AaveV3MigrationBundler.sol | 13 | 24 | 20 |
src/migration/MigrationBundler.sol | 7 | 9 | 16 |
src/ethereum/EthereumPermitBundler.sol | 4 | 15 | 15 |
src/PermitBundler.sol | 3 | 16 | 14 |
src/ethereum/interfaces/IDaiPermit.sol | 2 | 10 | 14 |
src/interfaces/IMorphoBundler.sol | 2 | 5 | 13 |
src/libraries/ErrorsLib.sol | 12 | 17 | 13 |
src/migration/interfaces/ICToken.sol | 8 | 1 | 11 |
src/migration/interfaces/ICEth.sol | 7 | 1 | 10 |
src/interfaces/IStEth.sol | 5 | 1 | 8 |
src/ethereum/libraries/MainnetLib.sol | 4 | 5 | 7 |
src/ethereum/migration/AaveV2EthereumMigrationBundler.sol | 4 | 6 | 7 |
src/interfaces/IWNative.sol | 1 | 1 | 7 |
src/ethereum/EthereumStEthBundler.sol | 4 | 6 | 6 |
src/interfaces/IMulticall.sol | 1 | 7 | 4 |
src/migration/interfaces/IComptroller.sol | 1 | 1 | 4 |
src/libraries/ConstantsLib.sol | 2 | 3 | 3 |
SUM: | 391 | 1043 | 983 |
src
File | blank | comment | code |
---|---|---|---|
src/UniversalRewardsDistributor.sol | 48 | 65 | 100 |
src/interfaces/IUniversalRewardsDistributor.sol | 6 | 9 | 28 |
src/UrdFactory.sol | 8 | 14 | 24 |
src/libraries/EventsLib.sol | 8 | 31 | 19 |
src/libraries/ErrorsLib.sol | 7 | 12 | 10 |
SUM: | 77 | 131 | 181 |
src
File | blank | comment | code |
---|---|---|---|
src/ERC20PermissionedBase.sol | 25 | 33 | 55 |
Any findings on the previous review from OpenZeppelin / Cantina Managed review will be considered out of scope.
On top of that, automated findings from 4nalyzer will also be considered out of scope.
$100,000 USDC
16 Nov 2023 - 7 Dec 2023
The competition at a glance:
The prize distribution works as follows:
Check out the previously recorded read through of the repos for both competitions on cantina twitter and here.
e7d53f306989ba205c779973d1b5e86755a1b9c0
src
File | Blank | Comment | Code |
---|---|---|---|
src/ERC1155A.sol | 100 | 132 | 362 |
src/aERC20.sol | 10 | 7 | 26 |
SUM: | 110 | 139 | 388 |
29aa0519f4e65aa2f8477b76fc9cc924a6bdec8b
src
File | Blank | Comment | Code |
---|---|---|---|
src/BaseRouterImplementation.sol | 143 | 136 | 773 |
src/crosschain-data/extensions/CoreStateRegistry.sol | 140 | 130 | 740 |
src/payments/PaymentHelper.sol | 147 | 134 | 574 |
src/crosschain-data/utils/PayloadHelper.sol | 60 | 28 | 339 |
src/crosschain-liquidity/DstSwapper.sol | 75 | 54 | 324 |
src/forms/ERC4626FormImplementation.sol | 77 | 65 | 279 |
src/SuperPositions.sol | 80 | 71 | 249 |
src/crosschain-data/adapters/layerzero/LayerzeroImplementation.sol | 59 | 60 | 235 |
src/settings/SuperRegistry.sol | 58 | 77 | 215 |
src/BaseForm.sol | 55 | 59 | 204 |
src/crosschain-data/extensions/TimelockStateRegistry.sol | 48 | 48 | 195 |
src/SuperformFactory.sol | 58 | 55 | 191 |
src/crosschain-liquidity/lifi/LiFiValidator.sol | 27 | 59 | 171 |
src/SuperformRouter.sol | 31 | 23 | 155 |
src/forms/ERC4626TimelockForm.sol | 33 | 47 | 153 |
src/crosschain-data/adapters/wormhole/automatic-relayer/WormholeARImplementation.sol | 44 | 50 | 153 |
src/crosschain-data/adapters/wormhole/specialized-relayer/WormholeSRImplementation.sol | 46 | 59 | 151 |
src/types/DataTypes.sol | 26 | 39 | 149 |
src/crosschain-data/adapters/hyperlane/HyperlaneImplementation.sol | 46 | 57 | 145 |
src/settings/SuperRBAC.sol | 35 | 70 | 120 |
src/crosschain-data/BaseStateRegistry.sol | 41 | 48 | 115 |
src/crosschain-data/BroadcastRegistry.sol | 28 | 32 | 97 |
src/payments/PayMaster.sol | 28 | 29 | 82 |
src/forms/ERC4626KYCDaoForm.sol | 14 | 23 | 76 |
src/EmergencyQueue.sol | 28 | 31 | 74 |
src/libraries/DataLib.sol | 10 | 17 | 73 |
src/crosschain-liquidity/socket/SocketValidator.sol | 17 | 30 | 72 |
src/BaseRouter.sol | 21 | 29 | 65 |
src/forms/ERC4626Form.sol | 12 | 18 | 56 |
src/crosschain-liquidity/socket/SocketOneInchValidator.sol | 17 | 26 | 54 |
src/libraries/PayloadUpdaterLib.sol | 10 | 6 | 49 |
src/crosschain-liquidity/BridgeValidator.sol | 10 | 18 | 46 |
src/libraries/ArrayCastLib.sol | 10 | 3 | 37 |
src/crosschain-liquidity/LiquidityHandler.sol | 8 | 19 | 30 |
src/libraries/ProofLib.sol | 5 | 2 | 16 |
src/crosschain-data/utils/QuorumManager.sol | 7 | 17 | 13 |
SUM: | 1554 | 1669 | 6470 |
Any findings on the previous review will be out of scope.
On top of that, automated findings from 4nalyzer will also be considered out of scope.
$140,000 USDC
27 Nov 2023 - 18 Dec 2023
Hack Superform, keep the money.
Starting December 28th, the Superform Protocol will be deployed on Avalanche, BNB Chain, and Polygon. Deposits will be made into 3 vaults on each chain for a total of 9 vaults. Deposits will be made into 3 vaults daily in tranches of $2.5k at 15:00 UTC until all deposits have been made.
The goal is to steal the ERC4626 shares held in Superform Protocol’s Superform contracts and tokens in transit from chain to chain. If stolen, the security researcher can keep the bounty in the vault. Users may do this via any protocol action — creating new Superforms, depositing/withdrawing from the protocol into vaults themselves via our contracts, etc.
See the full announcement here
$100,000 USDC
28 Dec 2023 - 14 Jan 2024
ZeroLend is the leading lending market on zkSync!
A walkthrough of the governance contracts will be done on 9th of January.
The prize distribution works as follows:
import { loadFixture } from "@nomicfoundation/hardhat-toolbox/network-helpers";
import { expect } from "chai";
import { deployFixture } from "./fixtures/core";
describe("Basic", function () {
it("Should deploy token properly", async function () {
const { token, owner } = await loadFixture(deployFixture);
expect(await token.owner()).to.equal(owner.address);
expect(await token.owner()).to.equal(owner.address);
});
});
src
File | blank | comment | code |
---|---|---|---|
./ZeroLocker.sol | 123 | 268 | 732 |
./ZLRewardsController.sol | 89 | 215 | 512 |
./ZeroLockerTimelock.sol | 46 | 179 | 297 |
./FeeDistributor.sol | 68 | 11 | 228 |
./StreamedVesting.sol | 50 | 22 | 186 |
./interfaces/IZLRewardsController.sol | 39 | 9 | 73 |
./interfaces/IZeroLocker.sol | 24 | 4 | 63 |
./Epoch.sol | 20 | 14 | 58 |
./interfaces/IStreamedVesting.sol | 9 | 1 | 43 |
./StakingEmissions.sol | 11 | 10 | 40 |
./VestedZeroLend.sol | 12 | 10 | 39 |
./BonusPool.sol | 9 | 10 | 35 |
./ZeroLend.sol | 8 | 10 | 27 |
./interfaces/IZeroLend.sol | 3 | 10 | 15 |
./interfaces/IFeeDistributor.sol | 6 | 10 | 15 |
./utils/RecoverERC20.sol | 4 | 8 | 11 |
./interfaces/IIncentivesController.sol | 2 | 1 | 9 |
./interfaces/IBonusPool.sol | 5 | 1 | 7 |
./interfaces/IERC20Burnable.sol | 3 | 1 | 6 |
./interfaces/IWETH.sol | 2 | 1 | 5 |
SUM: | 533 | 795 | 2401 |
$80,000 USDC
8 Jan 2024 - 25 Jan 2024
Olas is a unified network for off-chain services like automation, oracles, co-owned AI. It offers a stack for building services and a protocol for incentivizing their creation and their operation in a co-owned and decentralized way.
The competition at a glance:
Further documentation on OLAS tokenomics and OLAS protocol can be found in what follows:
The prize distribution works as follows:
src
File | blank | comment | code |
---|---|---|---|
./lockbox/programs/liquidity_lockbox/src/lib.rs | 92 | 77 | 510 |
./lockbox/programs/liquidity_lockbox/src/state.rs | 10 | 13 | 67 |
./lockbox2/programs/liquidity_lockbox/src/lib.rs | 103 | 87 | 547 |
./lockbox2/programs/liquidity_lockbox/src/state.rs | 5 | 7 | 38 |
SUM: | 210 | 184 | 1162 |
Known issues Vulnerabilities_list_solana_lockbox_v1.pdf and any issues documented in the doc folders valory-xyz/lockbox-solana/tree/main/lockbox/doc and valory-xyz/lockbox-solana/tree/main/lockbox2/doc or in the audits folders valory-xyz/lockbox-solana/tree/main/lockbox/audits and valory-xyz/lockbox-solana/tree/main/lockbox2/audits.
For any issues or concerns regarding Cantina Competitions or Cantina Code - please reach out to us at Cantina.
$50,000 USDC
15 Jan 2024 - 29 Jan 2024
Visit the docs for an overview of the protocol.
The scope is the following. You can also see the out-of-scope items greyed out in the navigation bar in Cantina Code. And selecting In Scope
will also directly list them.
File | blank | comment | code |
---|---|---|---|
./tokenomics/GaugeFactory.sol | 26 | 16 | 42 |
./tokenomics/GaugeController.sol | 119 | 140 | 387 |
./tokenomics/EscrowedToken.sol | 49 | 70 | 193 |
./pools/BPTOracle.sol | 50 | 58 | 166 |
./pools/OpalLpToken.sol | 11 | 14 | 49 |
./pools/Omnipool.sol | 152 | 222 | 802 |
./pools/OmnipoolController.sol | 41 | 58 | 233 |
SUM: | 448 | 578 | 1872 |
Automated findings from 4naly3er.
For any issues or concerns regarding this competition, please reach out to cbym on discord.
$40,000 USDC
12 Feb 2024 - 20 Feb 2024
Arcade.xyz is the first of its kind Web3 platform to enable liquid lending markets for NFTs. At Arcade.xyz, we think all assets will eventually become digitized and that NFTs represent a 0 to 1 innovation in storing value and ownership attribution for unique digital assets.
Arcade.xyz's focus is on building primitives, infrastructure, and applications enabling the growth of NFTs as an asset class. As such, the first product we released is an innovative peer to peer lending marketplace that allows NFT owners to unlock liquidity on baskets of NFTs on Ethereum. Lenders that hold stablecoins or ERC20 tokens can participate in a new source of DeFi yield by underwriting term loans collateralized by borrowers' NFTs.
Arcade.xyz is our end user application that strives to become the premier liquidity venue for NFTs, via a protocol for NFT collateralized loans with flexible terms. Today NFTs are largely digital representations of artwork and media content, however, our belief is that in the not so distant future NFTs will encompass digital rights, metaverse assets, and digital identity.
For more information about Arcade.xyz, please visit docs.arcadedao.xyz/docs.
File | blank | comment | code |
---|---|---|---|
contracts/LoanCore.sol | 129 | 361 | 451 |
contracts/RepaymentController.sol | 38 | 97 | 106 |
contracts/origination/OriginationController.sol | 77 | 230 | 313 |
contracts/origination/OriginationControllerMigrate.sol | 71 | 183 | 246 |
contracts/origination/RefinanceController.sol | 31 | 54 | 125 |
contracts/origination/OriginationConfiguration.sol | 39 | 77 | 101 |
contracts/origination/OriginationCalculator.sol | 16 | 54 | 89 |
contracts/libraries/OriginationLibrary.sol | 30 | 91 | 158 |
contracts/libraries/InterestCalculator.sol | 11 | 60 | 58 |
contracts/libraries/LoanLibrary.sol | 7 | 79 | 47 |
SUM: | 449 | 1286 | 1694 |
The project builds as follows
// clone the repo
git clone https://github.com/arcadexyz/arcade-protocol.git
cd arcade-protocol
// install dependancies
yarn install
// compile contracts
yarn compile
// run test suite
yarn test
Reference the test/Integration.ts
test suite. The test fixture provides all necessary lending protocol contracts. You can also utilize the mock contracts in contracts/test/
folder if you need to deploy mocks. Additionally, you can utilize the migration scripts in scripts/v3-migration/
for POC’s related to the V3 migration flows.
For any issues or concerns regarding this competition, please reach out to core-team on discord.
$60,000 USDC
22 Feb 2024 - 7 Mar 2024
EigenLayer is a protocol built on Ethereum that introduces restaking, a new primitive in cryptoeconomic security. This primitive enables the reuse of ETH on the consensus layer. Users that stake ETH natively or with a liquid staking token (LST) can opt-in to EigenLayer smart contracts to restake their ETH or LST and extend cryptoeconomic security to additional applications on the network to earn additional rewards.
This review concerns the upcoming M2 mainnet upgrade for EigenLayer and EigenDA. The upgrade is scheduled for end Q1/early Q2, and consists of:
We are asking for reviewers to dig through the smart contracts for the m2 mainnet upgrade, as well as analyze the upgrade path from the current mainnet deployment to the target contracts.
What is this? Our core contract repo, primarily responsible for:
Repository: github.com/Layr-Labs/eigenlayer-contracts Commit: 6e588701c5f543ae4cd34fe9c6567cc46c7eb722
File | blank | comment | code |
---|---|---|---|
eigenlayer-contracts/src/contracts/core/DelegationManager.sol | 103 | 328 | 581 |
eigenlayer-contracts/src/contracts/core/StrategyManager.sol | 48 | 171 | 269 |
eigenlayer-contracts/src/contracts/core/AVSDirectory.sol | 24 | 56 | 103 |
eigenlayer-contracts/src/contracts/core/Slasher.sol | 27 | 17 | 58 |
eigenlayer-contracts/src/contracts/core/DelegationManagerStorage.sol | 21 | 61 | 34 |
eigenlayer-contracts/src/contracts/core/StrategyManagerStorage.sol | 7 | 47 | 33 |
eigenlayer-contracts/src/contracts/core/AVSDirectoryStorage.sol | 9 | 17 | 20 |
eigenlayer-contracts/src/contracts/pods/EigenPod.sol | 110 | 214 | 481 |
eigenlayer-contracts/src/contracts/pods/EigenPodManager.sol | 32 | 101 | 225 |
eigenlayer-contracts/src/contracts/pods/DelayedWithdrawalRouter.sol | 24 | 47 | 167 |
eigenlayer-contracts/src/contracts/pods/EigenPodManagerStorage.sol | 18 | 32 | 39 |
eigenlayer-contracts/src/contracts/pods/EigenPodPausingConstants.sol | 2 | 15 | 9 |
eigenlayer-contracts/src/contracts/strategies/StrategyBaseTVLLimits.sol | 13 | 39 | 40 |
eigenlayer-contracts/src/contracts/strategies/StrategyBase.sol | 35 | 151 | 106 |
eigenlayer-contracts/src/contracts/permissions/Pausable.sol | 18 | 49 | 69 |
eigenlayer-contracts/src/contracts/permissions/PauserRegistry.sol | 9 | 12 | 32 |
eigenlayer-contracts/src/contracts/libraries/Merkle.sol | 6 | 70 | 96 |
eigenlayer-contracts/src/contracts/libraries/EIP1271SignatureUtils.sol | 3 | 18 | 20 |
eigenlayer-contracts/src/contracts/libraries/Endian.sol | 1 | 9 | 15 |
eigenlayer-contracts/src/contracts/libraries/BytesLib.sol | 76 | 125 | 289 |
eigenlayer-contracts/src/contracts/libraries/BeaconChainProofs.sol | 51 | 114 | 244 |
eigenlayer-contracts/src/contracts/interfaces/IDelegationManager.sol | 54 | 276 | 136 |
eigenlayer-contracts/src/contracts/interfaces/IDelegationFaucet.sol | 9 | 1 | 32 |
eigenlayer-contracts/src/contracts/interfaces/IEigenPod.sol | 38 | 97 | 88 |
eigenlayer-contracts/src/contracts/interfaces/ISlasher.sol | 28 | 101 | 66 |
eigenlayer-contracts/src/contracts/interfaces/IStrategyManager.sol | 25 | 85 | 51 |
eigenlayer-contracts/src/contracts/interfaces/IEigenPodManager.sol | 32 | 86 | 47 |
eigenlayer-contracts/src/contracts/interfaces/IWhitelister.sol | 9 | 1 | 31 |
eigenlayer-contracts/src/contracts/interfaces/IDelayedWithdrawalRouter.sol | 16 | 30 | 25 |
eigenlayer-contracts/src/contracts/interfaces/IStrategy.sol | 13 | 66 | 16 |
eigenlayer-contracts/src/contracts/interfaces/IAVSDirectory.sol | 10 | 33 | 24 |
eigenlayer-contracts/src/contracts/interfaces/IPausable.sol | 12 | 39 | 14 |
eigenlayer-contracts/src/contracts/interfaces/ISignatureUtils.sol | 2 | 13 | 12 |
eigenlayer-contracts/src/contracts/interfaces/IETHPOSDeposit.sol | 6 | 23 | 12 |
eigenlayer-contracts/src/contracts/interfaces/IPauserRegistry.sol | 4 | 8 | 7 |
eigenlayer-contracts/src/contracts/interfaces/ISocketUpdater.sol | 5 | 11 | 5 |
eigenlayer-contracts/src/contracts/interfaces/IBeaconChainOracle.sol | 1 | 7 | 4 |
SUM: | 937 | 2714 | 3631 |
What is this? Our AVS contract repo, which AVSs will deploy to allow operators to register and begin providing services.
Repository: github.com/Layr-Labs/eigenlayer-middleware Commit: 61d554403279826fcbc38d421580811e57d29270
File | blank | comment | code |
---|---|---|---|
eigenlayer-middleware/src/RegistryCoordinator.sol | 100 | 312 | 507 |
eigenlayer-middleware/src/StakeRegistry.sol | 83 | 218 | 414 |
eigenlayer-middleware/src/IndexRegistry.sol | 47 | 114 | 182 |
eigenlayer-middleware/src/BLSSignatureChecker.sol | 32 | 92 | 166 |
eigenlayer-middleware/src/BLSApkRegistry.sol | 39 | 83 | 162 |
eigenlayer-middleware/src/OperatorStateRetriever.sol | 21 | 46 | 95 |
eigenlayer-middleware/src/ServiceManagerBase.sol | 21 | 40 | 93 |
eigenlayer-middleware/src/RegistryCoordinatorStorage.sol | 10 | 30 | 42 |
eigenlayer-middleware/src/StakeRegistryStorage.sol | 13 | 21 | 25 |
eigenlayer-middleware/src/BLSApkRegistryStorage.sol | 9 | 12 | 19 |
eigenlayer-middleware/src/IndexRegistryStorage.sol | 8 | 17 | 18 |
eigenlayer-middleware/src/libraries/BitmapUtils.sol | 25 | 89 | 85 |
eigenlayer-middleware/src/libraries/BN254.sol | 47 | 104 | 199 |
eigenlayer-middleware/src/interfaces/IStakeRegistry.sol | 33 | 135 | 80 |
eigenlayer-middleware/src/interfaces/IRegistryCoordinator.sol | 31 | 62 | 60 |
eigenlayer-middleware/src/interfaces/IBLSApkRegistry.sol | 20 | 79 | 41 |
eigenlayer-middleware/src/interfaces/IBLSSignatureChecker.sol | 11 | 33 | 38 |
eigenlayer-middleware/src/interfaces/IIndexRegistry.sol | 15 | 49 | 26 |
eigenlayer-middleware/src/interfaces/IServiceManager.sol | 7 | 32 | 14 |
eigenlayer-middleware/src/interfaces/ISocketUpdater.sol | 4 | 11 | 5 |
eigenlayer-middleware/src/interfaces/IRegistry.sol | 1 | 8 | 4 |
SUM: | 577 | 1587 | 2275 |
What is this? Our AVS offchain repository - mostly offchain components, but also contains the EigenDAServiceManager.sol
contract, which inherits from contracts in the middleware repository.
Repository: github.com/Layr-Labs/eigenda Commit: 91838ba58b8e2525c7fd1e4db5e9903551eed326
File | blank | comment | code |
---|---|---|---|
eigenda/contracts/src/Imports.sol | 1 | 1 | 3 |
eigenda/contracts/src/core/EigenDAServiceManager.sol | 22 | 30 | 95 |
eigenda/contracts/src/core/EigenDAServiceManagerStorage.sol | 9 | 24 | 13 |
eigenda/contracts/src/interfaces/IEigenDAServiceManager.sol | 18 | 28 | 51 |
eigenda/contracts/src/libraries/EigenDAHasher.sol | 12 | 46 | 48 |
SUM: | 92 | 180 | 323 |
For any issues or concerns regarding this competition, please reach out to core-team on discord.
$100,000 USDC
27 Feb 2024 - 18 Mar 2024
Earn, Borrow & Lend on the #1 Decentralized Money Market.
The Venus Protocol is currently deployed on BNB Chain, Ethereum and opBNB, and it will be deployed to more networks soon. Governance proposals are currently managed (created, voted, executed, etc.) on BNB Chain, and with the Multichain governance project these proposals will support commands that will execute privileged functions in the remote networks (Ethereum, opBNB, etc.)
Total Prize Pool $58,000
$> yarn install
$> npx hardhat compile
The test suite at tests/Cross-chain/Omnichain.ts includes helper functions to make payloads, and a good set of tests covering the different flows. POC could be defined from that file.
For any issues or concerns regarding this competition, please reach out to core-team on discord.
$58,000 USDC
22 Mar 2024 - 5 Apr 2024