makina-contracts
Total reward: $100,000
Status: Live
Findings submitted: 8
Start date: 18 Sep 2025
End date: 15 Oct 2025
KYC: Required to join
The Makina protocol introduces a novel architecture for onchain strategy execution that addresses fundamental limitations in existing vault infrastructure. Through its hub-and-spoke multi-chain design, Makina enables sophisticated cross-chain strategies while maintaining strict security guarantees and operational efficiency. The protocol's core innovation, MakinaVM, provides a flexible yet controlled execution environment that allows strategies to interact with any external protocol without requiring custom adapters. Combined with a comprehensive governance framework featuring multiple stakeholder roles and timelocked controls, Makina establishes a new paradigm for trustless, scalable, and capital-efficient onchain asset management. This paper presents the protocol's architecture, security model, and key innovations that enable institutional-grade strategy execution across multiple networks.
The CTF will demonstrate the full lifecycle of the contracts: an initial pre-deposit vault is live from the opening of the competition, and it is expected to migrate to a fully active Machine on Monday 22.09.2025.
The strategies will be actively managed during the CTF to provide ample examples of, and opportunities to find issues in, the management, harvesting, bridging and swapping actions.
Prize distribution
- Total Prize Pool: $100,000 (in ETH at the time of launch, currently 22.1 ETH)
Documentation
Makina is a protocol for executing advanced cross-chain investment strategies. It provides the infrastructure for operators to issue tokenized strategies with full DeFi composability and strong risk controls. At the core of each strategy is a Machine contract, on the Hub Chain, which handles deposits, withdrawals, share pricing, and cross-chain coordination. Execution across chains is performed by Calibers, which serve as the strategy’s execution engines on the Hub Chain and on all supported Spoke Chains. Every strategy is defined by a Mandate that outlines its objectives, risk profile, and operating parameters, serving as a reference for the operator, risk managers, the Security Council, and the DAO.
The official Makina Docs can be found at: https://docs.makina.finance
Participation Requirements
- Sign up at cantina.xyz and complete the KYC process.
- Add your wallet address to your profile (Profile -> Edit Profile -> CTF Addresses).
- Agree to the terms of participation to access the gated CTF environment.
- The contracts are live on Ethereum mainnet, Base, Arbitrum and Optimism. The addresses are listed in the Cantina repository.
- Submit any valid exploit (and a supporting writeup) through Cantina’s interface with a link to the transaction (Etherscan or equivalent).
- A valid submission must demonstrate one of the following: direct theft of funds by arbitrary accounts; theft by the Operator (0xf16fd67770daf14dcaa25711af9196dc290caca0) beyond the configured tolerance levels (e.g., slippage, max loss values); or DoS of Operator or Risk Manager functions.
- There is no judging. No severity debates. Just hacking.
- Participants operating within this framework are eligible to retain recovered funds.
Scope
In Scope
- makina-core
.
├── src
│   ├── bridge
│   │   ├── adapters
│   │   │   ├── AcrossV3BridgeAdapter.sol
│   │   │   └── BridgeAdapter.sol
│   │   └── controller
│   │       └── BridgeController.sol
│   ├── caliber
│   │   ├── Caliber.sol
│   │   └── CaliberMailbox.sol
│   ├── factories
│   │   ├── BridgeAdapterFactory.sol
│   │   ├── CaliberFactory.sol
│   │   ├── Create3Factory.sol
│   │   ├── HubCoreFactory.sol
│   │   └── SpokeCoreFactory.sol
│   ├── interfaces
│   │   ├── AggregatorV2V3Interface.sol
│   │   ├── IAcrossV3MessageHandler.sol
│   │   ├── IAcrossV3SpokePool.sol
│   │   ├── IBridgeAdapter.sol
│   │   ├── IBridgeAdapterFactory.sol
│   │   ├── IBridgeController.sol
│   │   ├── ICaliber.sol
│   │   ├── ICaliberFactory.sol
│   │   ├── ICaliberMailbox.sol
│   │   ├── IChainRegistry.sol
│   │   ├── ICoreRegistry.sol
│   │   ├── IFeeManager.sol
│   │   ├── IHubCoreFactory.sol
│   │   ├── IHubCoreRegistry.sol
│   │   ├── IMachine.sol
│   │   ├── IMachineEndpoint.sol
│   │   ├── IMachineShare.sol
│   │   ├── IMakinaContext.sol
│   │   ├── IMakinaGovernable.sol
│   │   ├── IOracleRegistry.sol
│   │   ├── IOwnable2Step.sol
│   │   ├── IPreDepositVault.sol
│   │   ├── ISpokeCoreFactory.sol
│   │   ├── ISpokeCoreRegistry.sol
│   │   ├── ISwapModule.sol
│   │   ├── ITokenRegistry.sol
│   │   └── IWeirollVM.sol
│   ├── libraries
│   │   ├── CaliberAccountingCCQ.sol
│   │   ├── DecimalsUtils.sol
│   │   ├── Errors.sol
│   │   └── MachineUtils.sol
│   ├── machine
│   │   ├── Machine.sol
│   │   └── MachineShare.sol
│   ├── pre-deposit
│   │   └── PreDepositVault.sol
│   ├── registries
│   │   ├── ChainRegistry.sol
│   │   ├── CoreRegistry.sol
│   │   ├── HubCoreRegistry.sol
│   │   ├── OracleRegistry.sol
│   │   ├── SpokeCoreRegistry.sol
│   │   └── TokenRegistry.sol
│   ├── swap
│   │   └── SwapModule.sol
│   └── utils
│       ├── MakinaContext.sol
│       └── MakinaGovernable.sol
└── src-ir
    └── WeirollVM.sol
- makina-periphery
.
├── depositors
│   └── DirectDepositor.sol
├── factories
│   └── HubPeripheryFactory.sol
├── fee-managers
│   └── WatermarkFeeManager.sol
├── flashloans
│   └── FlashloanAggregator.sol
├── interfaces
│   ├── IAsyncRedeemer.sol
│   ├── IDirectDepositor.sol
│   ├── IFlashloanAggregator.sol
│   ├── IHubPeripheryFactory.sol
│   ├── IHubPeripheryRegistry.sol
│   ├── IMachinePeriphery.sol
│   ├── IMakinaPeripheryContext.sol
│   ├── ISecurityModule.sol
│   ├── ISecurityModuleReference.sol
│   ├── IWatermarkFeeManager.sol
│   └── IWhitelist.sol
├── libraries
│   └── Errors.sol
├── redeemers
│   └── AsyncRedeemer.sol
├── registries
│   └── HubPeripheryRegistry.sol
├── security-module
│   ├── SecurityModule.sol
│   └── SMCooldownReceipt.sol
└── utils
    ├── MachinePeriphery.sol
    ├── MakinaPeripheryContext.sol
    └── Whitelist.sol
Out Of Scope
- All findings in audits
- Any issues noted wontfix
- Issues related exclusively to fee-on-transfer ERC20s
- Issues related exclusively to rebasing ERC20s
- DAO infra / strategy configuration errors (wrong or malicious addresses being set, etc.)
- Invalid arguments in setters (addresses, bps, durations, ...)
- Minor gas optimisations impacting code readability
- Inconsistencies / faulty behaviour in strategies due to the hub chain not being Ethereum mainnet
- Inability to bridge funds between chains due to external bridge downtime
- Inability to propagate accounting from a spoke chain due to Wormhole CCQ not being operational there
- RPCs returning wrong data to Wormhole CCQ, leading to a faulty share price
- Inability to account due to oracle downtime / shutdown
- Faulty accounting due to oracle staleness and/or an OracleRegistry staleness threshold that is too large
- Faulty accounting due to oracle compromise
- Accounting imprecision linked to oracle price computation
- External protocol compromise causing loss of funds in strategies
- External protocol downtime causing inability to account for a position
- Any loss of funds or share price inconsistency caused by faulty instructions, including but not limited to:
  - Loss of funds due to faulty instructions
  - Accounting inconsistency due to:
    - Faulty accounting instructions
    - Conflict between position tokens and base tokens
    - Faulty/incomplete affectedTokens list or group ID
    - Instructions spending assets not registered as base tokens
    - Low-liquidity / easily manipulable pools used to price tokens
- Loss of funds caused by the operator being unable to react fast enough in an emergency
- Loss of funds caused by reckless or incompetent operators (liquidation, overconcentration, illiquidity)
- Losses caused by oracle price / liquidity pool manipulation where an unchecked synchronous deposit is used
- Users able to extract value by frontrunning share price updates (depositors are assumed to be non-malicious)
- Losses caused to LPs of external liquidity pools holding Machine tokens
- Operator capability to extract small amounts of AUM (within the max loss bounds set in the contracts)
- Issues related to unimplemented deposit/redeem modules (atomic redemption / permissionless deposits)
- Operator setting a wrong bridge data hash on the receiver side
- Too-large amounts causing overflows during calculations
- Issues related to non-standard flash loan providers
- Token decimals differing across chains (looking at you, BSC)
- Blockchains with legacy Solidity versions or non-standard EVM implementations
- Blockchains shutting down or becoming unresponsive/unavailable
- Issues related to the app, wallets, user interfaces, etc.
- Issues related to collusion between the DAO, Security Council, Risk Manager and/or Operator
- Known issue: the Operator should always submit transactions through privacy-preserving relays, never through public mempools
- Any offchain infrastructure at *.makina.finance
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.