Whetstone / doppler-contracts
Doppler is a customizable liquidity-bootstrapping protocol designed for the Uniswap ecosystem. The entire protocol is designed for use onchain and eliminates value leakage.
Prize distribution and scoring
- Total Prize Pool: $65,000
- Scoring described in the competition scoring page.
- Findings Severities described in detail on our docs page.
Documentation
- Doppler v4/v3 refer to the corresponding Uniswap version, where v4 is the Uniswap v4 hook implementation and v3 is a simplified version of the protocol built on Uniswap v3.
- V4 readme: https://github.com/whetstoneresearch/doppler/blob/main/README.md
- For v3 refer to natspec/video (video tbd)
Scope
- Repository: https://github.com/whetstoneresearch/doppler
- Commit: 338d39d6890a6bb98fba92d117c8e69465f9caa5
- Total LOC: approx. 2300 (incl whitespace/imports/comments)
- Files:
- Airlock.sol
- TokenFactory.sol
- DERC20.sol
- UniswapV2Migrator.sol
- Doppler.sol
- UniswapV3Initializer.sol
- Governance.sol
- UniswapV4Initializer.sol
- GovernanceFactory.sol
- interfaces
- Airlock.sol
Build Instructions
- Project uses Foundry and must compile with via-ir
- Default profile settings include the foundry configuration required to build the contracts
- Additional utility in `TestScenarios.sh` bash script for varying doppler v4 pool configuration
- For v3 integration tests it is recommended to include `MAINNET_RPC_URL` in .env, can use public rpc such as https://eth.llamarpc.com
- Optional v4 initializer integration test uses unichain sepolia deployments, can use public rpc https://sepolia.unichain.org exported as `UNICHAIN_SEPOLIA_RPC_URL`
Basic POC test
- Mandatory POC rule applies for this competition
- V3PocTest.sol
- V4PocTest.sol
Out of scope
- Previous security reports
- Expected behaviors such as trusted/untrusted roles and/or any accepted risks:
- Doppler Owner can set trusted modules and take out fees. Additionally, we accept that there is an edge-case where all assets are sold back, and funds could be locked. We believe this is unsolvable and economically impossible.
- UniswapV3Initializer - price can be manipulated prior to initialization https://hackmd.io/@eQvUMjVEQhKY3brAjTH98A/BJyoA2WPye
- The `create` function in the Airlock contract expects a salt that will be passed to the different modules to deploy several contracts using `CREATE2`. However, a malicious actor could "steal" the salt and frontrun the token deployment, allowing them to stealthily manipulate the parameters they want, without changing the final token address. A potential exploit here would be to include themselves as a recipient of some extra vested tokens, for example.
- `lockPool()` is simply not invoked by the Airlock contract
- Few more Known Issues to be added
- Automated findings by Lightchaser https://gist.github.com/ChaseTheLight01/5049f6aebe28ae798bf442f29ece8768
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
Summary
- Status: Completed
- Total reward: $65,000
- Findings submitted: 101
- Start date: 15 Jan 2025 10:00pm (local time)
- End date: 22 Jan 2025 8:00pm (local time)