InfinityPools / infinitypools


InfinityPools is a decentralized exchange that can offer unlimited leverage on any asset, with no liquidations, no counterparty risk and no oracles.

In order to mitigate liquidation risk, futures exchanges limit the maximum leverage available, the assets that can be traded and position sizes. Furthermore, traders are also subject to liquidation penalties that eat into their expected returns.

Leverage is often necessary as investing is only worth a person’s time if the return upside is high enough. InfinityPools found a way to get rid of these constraints and make "good" leverage accessible to everyone.

Prize distribution and scoring

  • Total Prize Pool: $150,000

  • Primary Prize Pool: $146,500

  • The prize distribution has 2 possible triggers:

    • If one or more valid medium severity findings are found, the total pot size is $30,000
    • If one or more valid high severity findings are found, the total pot size is $150,000
  • $3,500 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

    • 1st: $1,500
    • 2nd: $750
    • 3rd: $500
    • 4th: $500
    • 5th: $250
  • Scoring is described on the competition scoring page.

  • Finding severities are described in detail on our docs page.

High Severity Condition

  • A high-severity finding is contingent upon demonstrating the attack vector using the Proof of Concept (POC) provided below.

1. Impact Assessment

  • High: Leads to a loss of a significant portion of assets in the protocol, or significant harm to a majority of users. Core Protocol functionality broken. Permanent locking of funds.
  • Medium: Losses to only a subset of users, but still unacceptable. DOS of funds for days or more.
  • Low: Losses will be annoying but bearable; applies to things like griefing attacks that can be easily fixed.

2. Likelihood Assessment

  • High: Almost certain to happen, easy to perform, or not easy but highly incentivized.
  • Medium: Only conditionally possible or incentivized, but still relatively likely.
  • Low: Rare events that are theoretically possible under certain extreme but realistic market conditions.

Documentation

Scope

  • Files: Everything in the src/ folder except
    • src/arb
    • src/mock
    • src/periphery/mock
  • Total LOC: 8k

Build Instructions

  1. npm install
  2. forge build

POC

Please note: This POC must be used to prove a high severity finding with realistic conditions.

Out of scope

  • Previous security reports: ABDK audit

  • Currently, only permissioned pool creation is allowed. Changes will be made to the code before enabling permissionless creation. For now, assume the pool creation parameters are correct.

InfinityPools Report

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

Summary

  • Status: Completed
  • Total reward: $150,000
  • Findings submitted: 293
  • Start date: 30 Sep 2024 8:00pm (local time)
  • End date: 28 Oct 2024 8:00pm (local time)