infiniFi / infinifi-protocol

InfiniFi is a DeFi protocol that enables users to mint and redeem receipt tokens (iUSD) against collateral assets (USDC). The protocol features a sophisticated yield generation system through multiple farm integrations, a locking mechanism for enhanced rewards, and a governance system for farm allocation voting. It relies on reserve banking principles classifying Pendle and Ethena as illiquid/maturity farms and AAVE as liquid farm. By adjusting the ratio of deposits between liquid/illiquid it is capable of producing higher yields for both liquid and illiquid depositors.

Prize Distribution and Scoring

• Total Public Pool: $35,000

• Additional pay for dedicated Cantina researcher: $5,000

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Documentation

Protocol whitepaper, business requirements for this stage (MVP) and a high level contracts overview is at:

• Documentation Link

Scope

• Repository: https://github.com/InfiniFi-Labs/infinifi-protocol/
• OldCommit:a18ac868e08c2b7af110c325ad64ebb466e31878
• New Commit: e1692f98c57309cf9a3f741dc8bc66a958293824
• LOC: 2417

Build Instructions

Build instructions is provided in README:

• Development Setup

Basic POC Test

Mandatory POC rule applies for this competition.

• Basic POC test

Out of scope

• Spearbit Audit - note that all issues listed as acknowledged are out of scope.
• Certora: Permanent reward dilution by state changes between startUnwinding and cancelUnwinding.
• Certora: DoS with _revertIfThereAreUnaccruedLosses when safety buffer is empty
• Certora: Strict equality check in LockingController.applyLosses might be inadequate due to division with rounding down happening prior to comparison.
• External oracle manipulation such as assumptions of using Chainlink price feeds, etc.
• Centralization issues: Protocol governor role will be behind a timelock contract suggesting that every operation will be visible to the users with a notice.
• zapInAndLock function is out of scope
• Automated findings by LightChaser
  • https://gist.github.com/ChaseTheLight01/d3539233c08c6358da79df6252885080

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.