Genius Foundation / genius-contracts

Genius is the first way to buy anything, anywhere from 1 place while you retain full custody of your assets.

We believe in a future where thousands of tokens are traded across hundreds of chains - Genius is the decentralized layer to facilitate these transactions in a fast, safe, and compliant way.

Prize distribution and scoring

• Public Prize Pool: $25,000
• Additional pay for dedicated Cantina researcher: $5,000

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Code Walkthrough

• Walkthrough

Scope

Genius EVM Contracts

• Url: https://cantina.xyz/code/12acc80c-4e4c-4081-a0a3-faa92150651a/genius-contracts/README.md
• Files:

File	Description	LOC
GeniusVaultCore.sol	Core vault implementation with upgradeable functionality. Handles staking, liquidity management, order processing, and cross-chain operations. Implements ERC20 token functionality with access control and reentrancy protection.	790
GeniusVault.sol	Main vault contract that handles cross-chain stablecoin bridge with price-based deposit protection. Inherits from GeniusVaultCore and implements order creation with stablecoin price verification using Chainlink feeds.	149
GeniusRouter.sol	Router contract for aggregating multiple calls in single transactions. Facilitates token swaps and cross-chain order creation using both standard approvals and Permit2. Integrates with vault, proxy call, and fee collector contracts.	251
GeniusProxyCall.sol	Proxy contract for executing batched transactions and managing token approvals. Provides safe execution of external calls with proper token handling, balance verification, and access control.	352
GeniusMulticall.sol	Multicall contract for executing multiple transactions in a single call. Inherits from MultiSendCallOnly and handles native token refunds.	26
fees/FeeCollector.sol	Handles the calculation, collection, and distribution of fees in the Genius protocol	612
TOTAL		2180

Genius Actions

• Url: https://cantina.xyz/code/12acc80c-4e4c-4081-a0a3-faa92150651a/genius-actions/README.md
• Total LOC: 8,274
• **Files: **
  • actions/**/*
  • services/blockchain/erc725/erc725y.service.ts
  • services/blockchain/genius-actions/genius-actions.const.ts
  • services/blockchain/genius-actions/genius-actions.service.ts
  • services/blockchain/genius-actions/genius-actions.types.ts
  • services/blockchain/vault/vault.types.ts
  • services/blockchain/vault/genius-evm-vault.ts
  • services/blockchain/vault/genius-solana-pool.ts
  • services/blockchain/vault/constants/genius-svm-constants.ts
  • services/blockchain/vault/solana/svm-address-utils.ts
  • services/blockchain/vault/solana/svm-asset-manager.ts
  • services/blockchain/vault/solana/svm-connection-manager.ts
  • services/blockchain/vault/solana/svm-order-manager.ts
  • services/blockchain/vault/solana/svm-transaction-builder.ts
  • services/lit-services/encryptor/encryptor-lit.ts
  • services/lit-services/encryptor/encryptor.interface.ts
  • services/lit-services/error-handler/error-handler-lit.ts
  • services/lit-services/error-handler/error-handler.interface.ts
  • services/lit-services/error-handler/error-handler.ts
  • services/lit-services/execution-handler/execution-handler-lit.ts
  • services/lit-services/execution-handler/execution-handler.interface.ts
  • services/lit-services/execution-handler/execution-handler.ts
  • services/lit-services/lit-helpers/lit-helpers.interface.ts
  • services/lit-services/lit-helpers/lit-helpers.ts
  • services/lit-services/lit-helpers/lit-helpers-mock.ts
  • services/lit-services/orchestator/orchestrator-lit.ts
  • services/lit-services/orchestator/orchestrator.interface.ts
  • services/lit-services/orchestator/orchestrator.ts
  • utils/addresses.ts
  • utils/addresses-dev.ts
  • utils/addresses-staging.ts
  • utils/address-transform.ts
  • utils/address-validation.ts
  • utils/rpcs.ts
  • utils/string-to-bytes32.ts
  • utils/encode-multicall-tx.ts
  • utils/encode-signature.ts
  • utils/generate-sig-id.ts
  • utils/validate-eth-signature.ts
  • utils/caller-auth-lit.ts
  • utils/solana-utils.ts
  • utils/lit/action-init.ts
  • utils/solana/jito.ts
  • utils/solana/jupiter.transaction.ts
  • utils/solana/txn-serialization.ts
  • utils/solana/decimals.util.ts
  • utils/solana/solana.prioritization.fee.ts
  • utils/swap/fill-order-swap-quote-util.ts
  • types/chain-id.ts
  • types/environment.ts
  • types/env-vars.ts
  • types/encrypted-data.ts
  • types/evm-arbitrary-call.ts
  • types/globals.ts
  • types/orchestrator.ts
  • types/permit.d.ts
  • types/signed-response.d.ts

Genius Solana Contracts

• Url: https://cantina.xyz/code/12acc80c-4e4c-4081-a0a3-faa92150651a/genius-contracts-solana/README.md
• Total LOC: 2,098
• Files:
  • ./programs/genius/src/instructions/create_order.rs
  • ./programs/genius/src/lib.rs
  • ./programs/genius/src/state.rs
  • ./programs/genius/src/instructions/fill_order.rs
  • ./programs/genius/src/instructions/revert_order.rs
  • ./programs/genius/src/util.rs
  • ./programs/genius/src/instructions/claim_fees.rs
  • ./programs/genius/src/error.rs
  • ./programs/genius/src/instructions/fill_order_token_transfer.rs
  • ./programs/genius/src/instructions/remove_bridge_liquidity.rs
  • ./programs/genius/src/instructions/set_insurance_fee_tiers.rs
  • ./programs/genius/src/instructions/add_orchestrator.rs
  • ./programs/genius/src/instructions/set_fee_tiers.rs
  • ./programs/genius/src/instructions/add_global_state_authority.rs
  • ./programs/genius/src/instructions/initialize.rs
  • ./programs/genius/src/instructions/set_target_chain_min_fee.rs
  • ./programs/genius/src/instructions/remove_global_state_authority.rs
  • ./programs/genius/src/instructions/freeze_thaw_global_state.rs
  • ./programs/genius/src/instructions/set_protocol_fee_fraction.rs
  • ./programs/genius/src/instructions/update_global_state_params.rs
  • ./programs/genius/src/instructions/mod.rs
  • ./programs/genius/src/instructions/remove_orchestrator.rs
  • ./programs/genius/src/instructions/nominate_authority.rs
  • ./programs/genius/src/instructions/accept_authority.rs
  • ./programs/genius/src/constant.rs

Out of Scope

• Any findings mentioned in the audits present within the /audits folders of the repos
• Findings found by LightChaser
  • https://gist.github.com/ChaseTheLight01/58206e8c2ce09cb009606a68d41df67b

Genius Evm Contracts

• “Centralisation” risk, within the context of the smart contracts, the orchestrators are considered to be safe
• Risk of inability to unstake (reedeem USDC from gUSD) if not enough liquidity in the vault. This risk can happen if sudden spike of unstakes, but will be resolved by rebalancing mechanisms
• Risk of inability to fill an order if not enough liquidity is in the destination vault. This risk can happen if sudden spikes of orders to the same chain, but will be resolved through rebalancing

Genius Actions

• Lit PKPs (Programmable Key Pairs) or Lit Encryption Mechanisms are considered secure
• Risk that the solver action is called without passing the user’s arbitrary call (transaction to be executed on destination chain) even if he provided enough surplus fees
• The solver action is currently not enforcing surplus fees verification for execution of swaps and transactions on destination chain
• Single Point of Failure from using 1 RPC per execution
• Single Point of Failure in rebalancing action from trusting the translation data received from aggregators or bridges APIs (will be remediated by recompiling every calldata directly within the genius-intents SDK to remove that risk)

Genius Solana Contracts

• Using Solana logs (msg!(“”)) instead of anchor events.
• Fill order transfers token to orchestrator rather than receiver. The lit actions are responsible for transferring the desired tokens to the user
• Staking in Solana pool directly is not supported currently
• Rebalancing (remove_bridge_liquidity) transfers tokens to orchestrators and not to other vaults directly, Lit actions are responsible for making transfers to designated vaults (on other chains)
• Fill order - source chain checks. Lit actions are responsible for validity of the order on source chain

Build Instructions

Genius Evm Contracts Build: forge build –via-ir Deployment: forge script script/deployment/DeployOptimismGeniusEcosystem.s.sol --rpc-url $OPTIMISM_RPC_URL --broadcast --via-ir

Note: The script is different per chain, so a new one will need to be created for a testnet deployment for example, owner needs to be changed and the contracts might need additional configuration post deployment (e.g. adding orchestrators)

Genius Actions Build: npm run build:esbuild Note: All the actions have base (or core) files that can be used to test the actions directly by executing the TS or JS files

Genius Solana Contracts Build: anchor build Deployment: solana program deploy target/deploy/genius.so --program-id --with-compute-unit-price 500000 --max-sign-attempts 300 --use-rpc

Basic POC Test

Genius EVM Contracts Simple test file to demonstrate the finding, e.g. https://github.com/Genius-Foundation/genius-contracts/blob/main/test/DecimalsConversion.t.sol

Genius Actions It can be a bit difficult to create a POC for the actions as an error could be related to the Lit Network, or our usage of the Lit Network. And the setup to test in real scenario the Lit Actions can be a bit tricky, so we accept findings without POC, which we will then verify, as long as explained well enough.

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.