CircuitDAO / circuit-puzzles

Circuit is a DeFi protocol built on the Chia blockchain.

Specifically, Circuit is a collateralized debt position (CDP) protocol that allows users to borrow Bytecash (BYC), a USD stablecoin issued by the protocol, against XCH, the native token of Chia. Circuit is written in chialisp. Read more about chialisp here

Prize distribution and scoring

• Total Prize Pool: $ 100,000

• Primary Prize Pool: $ 95,000

• The prize distribution has 3 possible triggers:

  • If one or more valid critical severity findings are found, the total pot size is $100,000
  • If only one or more valid high severity findings are found, the total pot size is $85,000
  • If only one or more valid medium severity findings are found, the total pot size is $50,000

• $5,000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

  • 1st: $2.5k
  • 2nd: $1.25k
  • 3rd: $750
  • 4th: $375
  • 5th: $375

Point Calculation

• A critical severity finding is worth 30 points.
• A high severity finding is worth 10 points.
• A medium severity finding is worth 3 points.
• Scoring described in the competition scoring page.

Severity Definitions:

• Critical

  • Loss of User Funds: A vulnerability that could lead to user funds being stolen or lost.
  • Major Depegs: A vulnerability that could lead to a significant de-peg from which the protocol is likely to not recover (eg by systematically being able to force vaults into undercollateralization).
  • Major Loss of Protocol Funds: A vulnerability that could lead to a significant amount of protocol funds being stolen or lost.
  • Breaks Core Functionality: Causes a failure in fundamental protocol operations (incl governance operations)

• High

  • Minor Depegs: A vulnerability that could lead to a significant depeg from which the protocol is likely to recover.
  • Minor Loss of Protocol Funds: A scenario where protocol funds could be exposed or small amounts could be stolen or lost. This could happen in case of non-systemic bugs in treasury operations, surplus or recharge auctions, or in edge cases like token price manipulation, where there isn’t a widespread risk.

• Medium

  • Temporary Disruption or DoS: A bug in the smart contracts that leads to temporary downtime or a denial of service (DoS). This may cause users to experience disruptions, but doesn’t necessarily compromise the security of the protocol.
  • Breaks Non-Core Functionality

• Low:

  • No Assets at Risk: Issues affecting state handling, incorrect function implementation, or logic errors that do not threaten assets.

Documentation

• Protocol Documentation
• Code walkthrough

Scope

• Repository: https://github.com/circuitdao/puzzles
• Commit: d0ad16280dfe0139abfa4db6c22de58c5c48b04a
• Total LOC: ca. 6750
• Files: all .clsp and .clib files

Build Instructions

• To be able to run tests, please submit a request to sign NDA here: CircuitDAO NDA Form

  • Once you sign the NDA you will be given access to this private cantina repository. Please do not submit issues or add comments in this repository. This private repo is to be used only to test code.

• Mandatory POC does not apply here. However POC must be provided upon request.

Out of scope

• Expected behaviors such as trusted/untrusted roles and/or any accepted risks:
  • Data provider collusion
  • The majority of governance token holders colluding

Known issues

• All issues identified in these reports are supposed to have been fixed in the commit used for the competition (see above), so if there’s something wrong with the fixes that should absolutely be in-scope):

  • Zellic Report
  • Immunefi IOP report

• The primary defense against announcer collusion by a large proportion of approved announcers is for governance to replace the oracle. However, no alternative oracle puzzle has been developed yet that would allow governance to immediately blacklist malicious announcers.

• Proposing and vetoing a bill is done via two individual governance coins. This means that smaller CRT holders wishing to participate in governance processes will typically need to do so by delegating their CRT to a third-party ('delegate') who aggregates CRT from several parties and performs governance operations on their behalf. No inner puzzles for use by delegates have been developed yet.

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.