Sorella Labs / sorella-angstrom

The Angstrom Core contracts which you’ll be reviewing are at the heart of the larger Angstrom protocol. Angstrom as a whole is a hybrid DEX/limit order book protocol which combines several novel primitives into a unique efficient, trustless, MEV-minimizing exchange. The contract handles settlement and fee collection, validating orders, drawing token balances & rewarding LPs. Angstrom builds on top of Uniswap V4 via hooks & will leverage restaking to secure its off-chain network that is responsible for collecting, matching and submitting orders for final settlement.

Prize distribution and scoring

• Total Prize Pool: $150,000

• Primary Prize Pool: $140,000

• The prize distribution has 2 possible triggers:

  • If one or more valid medium severity findings are found, the total pot size is $60,000
  • If one or more valid high severity findings are found, the total pot size is $150,000

• $10,000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

  • 1st: $5k
  • 2nd: $2.5k
  • 3rd: $1.2k
  • 4th: $650
  • 5th: $650

• Scoring described in the competition scoring page.

• Findings Severities described in detail on our docs page.

Documentation

• Smart contract documentation can be found under /docs from the main /contracts folder.
• We mainly interact with Uniswap V4 as a hook but also use several libraries from Solady & transient-goodies a helper library for transient storage.

Scope

• Repository: https://github.com/sorellaLabs/Angstrom

• Commit: 164ea6260935868bff55a05c9a9c98fc4e938716 (Branch: feat/last-minute-pre-comp-cleanup )

• Total LOC: 2432

• Files:

  src  
  ├── Angstrom.sol  
  ├── Constants.sol  
  ├── interfaces  
  │   ├── IAngstromComposable.sol  
  │   ├── IDaiPermit.sol  
  │   ├── IERC2612.sol  
  │   ├── IHooks.sol  
  │   └── IUniV4.sol  
  ├── libraries  
  │   ├── MixedSignLib.sol  
  │   ├── PoolConfigStore.sol  
  │   ├── RayMathLib.sol  
  │   ├── SignatureLib.sol  
  │   ├── StoreDeployer.huff  
  │   ├── TickLib.sol  
  │   └── X128MathLib.sol  
  ├── modules  
  │   ├── GrowthOutsideUpdater.sol  
  │   ├── OrderInvalidation.sol  
  │   ├── PermitSubmitterHook.sol  
  │   ├── PoolUpdates.sol  
  │   ├── Settlement.sol  
  │   ├── TopLevelAuth.sol  
  │   └── UniConsumer.sol  
  └── types  
    ├── Asset.sol  
    ├── CalldataReader.sol  
    ├── ConfigEntry.sol  
    ├── DeltaTracker.sol  
    ├── HookBuffer.sol  
    ├── Pair.sol  
    ├── PoolRewards.sol  
    ├── PoolUpdateVariantMap.sol  
    ├── Positions.sol  
    ├── Price.sol  
    ├── SwapCall.sol  
    ├── ToBOrderBuffer.sol  
    ├── ToBOrderVariantMap.sol  
    ├── TypedDataHasher.sol  
    ├── UserOrderBuffer.sol  
    └── UserOrderVariantMap.sol  
  

• External libraries: Methods & types from external libraries we use (solady, super-sol, transient-goodies) are also in scope but only to the extent that there is an impact on Angstrom

Build Instructions

• Build instructions can be found in the readme.

Out of scope

• Issues already uncovered in our Spearbit Security Review that were acknowledged: security-reviews/spearbit-1.pdf
• Key assumptions of the protocol that are guaranteed by our off-chain node network outlined in docs/Overview.md (under Assumptions)
• Other known issues outlined under docs/known-issues.md

• Automated findings by Lightchaser
  • Sorella report

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.