jigsaw-contracts
Total reward
$60,000
Status
Completed
Findings submitted
1,642
Start date
21 May 2025
End date
19 Jun 2025
Jigsaw is a CDP-based stablecoin protocol that brings full flexibility and composability to your collateral through the concept of “dynamic collateral”. Jigsaw leverages crypto’s unique permissionless composability to enable dynamic collateral in a fully non-custodial way. Technically it comprises of two separate repositories: jigsaw-protocol-v1 and jigsaw-strategies-v1. The first one being the core of the protocol managing deposits, vaults, minting, etc, when the second one allows investing of the deposited assets. It’s very important to ensure safe integration of one into another.
Prize distribution and scoring
- Public Prize Pool: $60,000
Additional pay for dedicated Cantina Fellow: $10,000
- Scoring described in the competition scoring page.
- Findings Severities described in detail on our docs page.
Documentation
The Contracts are live. Team will fix any criticals reported that needs to be add. These findings would immediately be considered out of scope once they are fixed publicly.
Scope
Repository 1:
- https://github.com/jigsaw-finance/jigsaw-protocol-v1/tree/dev/src
- Commit:
e8f373e0f5c7416bd0acee800223e6fd6a959494 - Files:
- src/Holding.sol
- src/HoldingManager.sol
- src/JigsawUSD.sol
- src/LiquidationManager.sol
- src/Manager.sol
- src/ReceiptToken.sol
- src/ReceiptTokenFactory.sol
- src/SharesRegistry.sol
- src/StablesManager.sol
- src/StrategyManager.sol
- src/SwapManager.sol
Repository 2:
- https://github.com/jigsaw-finance/jigsaw-strategies-v1
- Commit:
7009245f735aa49d8b2e8d8debc5d7c3f01b75a5 - Files:
- src/aave/AaveV3StrategyV2.sol
- src/dinero/DineroStrategyV2.sol
- src/elixir/ElixirStrategy.sol
- src/extensions/FeeManager.sol
- src/libraries/OperationsLib.sol
- src/libraries/StrategyConfigLib.sol
- src/pendle/PendleStrategyV2.sol
- src/reservoir/ReservoirSavingStrategyV2.sol
- src/staker/StakerLight.sol
- src/staker/StakerLightFactory.sol
- src/StrategyBaseUpgradeableV2.sol
Out of scope
- Previous security reports: see READMEs
- Expected behaviors such as trusted/untrusted roles and/or accepted risks
- Owner is trusted multisig
- Collateral changes not being tracked while invested is accepted risk
- Performance fee can be skipped for Pendle rewards
- Rewards accumulated during a period of zero totalSupply cannot be distributed and will remain locked within the StakerLight
- Manager cannot be updated in Jigsaw USD
- Automated findings by LightChaser
- The following finding has been fixed and would be considered out of scope after the public fix.
Unliquidatable Bad-Debt via Strategy Negative Yield in Liquidation Routines. This has been fixed at: Fix
Basic POC Test
- Mandatory POC rule applies to this competition
Please use BasicContractsFixture contract’s init() in test/fixtures/BasicContractsFixture.t.sol for both repositories.
Note: Ensure .env is filled in correctly, please see the .env.example file.
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.