Silo Finance / silo-contracts-v2

Silo Finance is a non-custodial, permissionless lending protocol that implements isolated lending markets.

Docs: https://docs.silo.finance/

Try it: https://v2.silo.finance/

Prize distribution and scoring

Documentation

Scope

Build Instructions

  • Build Instructions
  • Basic POC test
  • The mandatory POC rule applies to this competition. All H/M findings should have a valid coded POC before the end of the competition.

Out of scope

  • Certora report
  • Silo deployment is permissionless. SiloFactory can deploy any silo implementation.
  • Hook receivers are designed to be as flexible as possible. These smart contracts can do anything in the Silo via the callOnBehalfOfSilo function and in share tokens via the callOnBehalfOfShareToken function. It is the responsibility of the hook receiver developer to ensure it is secure.

Important: This is an additional out-of-scope (OOS) finding added on 18th Jan 5:11 PM.

The issue is with unclaimed rewards. The _usersUnclaimedRewards mapping stores each user's unclaimed rewards. When rewards are paid, the user's entry should be set to 0, but it was not, so users could claim the same rewards indefinitely. The solution was to set unclaimed rewards to 0 after the user claimed rewards.

Affected line: https://github.com/silo-finance/silo-contracts-v2/blob/87d505b597d40b37399a0a428c14dcdbcf9f5a28/silo-core/contracts/incentives/base/BaseIncentivesController.sol#L214

Please note that the above finding is out of scope for the competition.
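The accounting flaw in the out-of-scope finding, as a simplified Python model added here (not Silo's contract code; RewardsLedger, first_invariant_violation and the operation sequence are hypothetical and constructed for illustration). It replays a sequence of accruals and claims against the invariant that no user is ever paid more than they accrued, which is the kind of regression check that catches a missing reset.

```python
from dataclasses import dataclass, field

@dataclass
class RewardsLedger:
    """Simplified per-user reward accounting (a model, not the real contract)."""
    reset_on_claim: bool  # False = behaviour described in the finding, True = the fix
    unclaimed: dict = field(default_factory=dict)      # stands in for _usersUnclaimedRewards
    accrued_total: dict = field(default_factory=dict)  # lifetime rewards earned per user
    paid_total: dict = field(default_factory=dict)     # lifetime rewards paid per user

    def accrue(self, user, amount):
        self.unclaimed[user] = self.unclaimed.get(user, 0) + amount
        self.accrued_total[user] = self.accrued_total.get(user, 0) + amount

    def claim(self, user):
        amount = self.unclaimed.get(user, 0)
        if amount == 0:
            return 0
        if self.reset_on_claim:
            self.unclaimed[user] = 0  # zero the balance before recording the payout
        self.paid_total[user] = self.paid_total.get(user, 0) + amount
        return amount

def first_invariant_violation(ledger, ops):
    """Replay ops; return the index of the first op after which any user has
    been paid more than they accrued, or None if the invariant always holds."""
    for i, (kind, user, amount) in enumerate(ops):
        if kind == "accrue":
            ledger.accrue(user, amount)
        else:
            ledger.claim(user)
        for u, paid in ledger.paid_total.items():
            if paid > ledger.accrued_total.get(u, 0):
                return i
    return None

# Constructed operation sequence: alice claims twice in a row at indexes 2 and 3.
OPS = [
    ("accrue", "alice", 100), ("accrue", "bob", 40),
    ("claim", "alice", 0), ("claim", "alice", 0),
    ("claim", "bob", 0), ("accrue", "alice", 25), ("claim", "alice", 0),
]

if __name__ == "__main__":
    print("without reset:", first_invariant_violation(RewardsLedger(False), OPS))
    print("with reset:   ", first_invariant_violation(RewardsLedger(True), OPS))
```
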

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

Summary

Status: Completed

Total reward: $250,000

Findings submitted: 247

Start date: 13 Jan 2025 8:00pm (local time)

End date: 10 Feb 2025 8:00pm (local time)