OpportunitiesLeaderboardAbout Cantina
Balancer / balancer-v3

Balancer / balancer-v3

OverviewLeaderboard

Balancer is a decentralized automated market maker (AMM) protocol built on Ethereum with a clear focus on fungible and yield-bearing liquidity. Balancer's success is intrinsically linked to the success of protocols and products built on the platform. Balancer v3’s architecture focuses on simplicity, flexibility, and extensibility at its core. The v3 vault more formally defines the requirements of a custom pool, shifting core design patterns out of the pool and into the vault.

Prize distribution and scoring

  • Total Prize Pool: $500,000

  • Primary Prize Pool: $475,000

  • The prize distribution has 3 possible triggers:

    • If one or more valid medium severity findings are found, the total pot size is $125,000
    • If one or more valid high severity findings are found, the total pot size is $325,000
    • If one or more valid critical severity findings are found, the total pot size is $500,000

  • $25,000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

    • 1st: $10k
    • 2nd: $5k
    • 3rd: $4k
    • 4th: $3k
    • 5th: $3k

Severity Definitions

Please note that the competition has an additional Critical severity, here are the severity definitions and conditions applied on these severities.

For TVL percentage values, assume the total TVL is the same as in the current Balancer V2 Vault across all chains approximate $760M

Critical severity:

  • Critical severity is unlocked if a High severity finding results in losses across all pools or all buffers registered in the Vault, no matter their type. Any finding that breaks pool balance or buffer balance isolation qualifies as critical.
  • Please note there must be sufficient information and undeniable Proof of concept which should be easily verifiable for the finding to be considered Critical with absolutely no ambiguity.

High severity:

  • High severity is unlocked if
    • The finding results in losses of all of the funds of a valid pool type (Weighted, Stable), or a registered buffer (AAVE, Morpho, Yearn, using the ERC4626 wrapper contracts that can be found in the fork tests).
      • Invalid pool types, tokens, rate providers or ERC4626 wrappers that are malicious by design are out of scope. If a malicious pool or wrapper can break pool isolation and drain value beyond what is deposited to them, the finding qualifies as a critical.
    • Fees collected across all pools (swap and yield) can be stolen.
    • User granted approvals to router can be used by anyone

Medium severity:

  • A DoS that can prevent access to more than 5% of total TVL for more than 1 minute, for less money than the value of the funds in question.
  • Individual losses (by stealing, wasting or permanently freezing) impacting at least 1% of individual users, which lose at least 1% of the funds they put in.
  • Theft of collected fees for an individual pool

Low severity:

  • A DoS that can prevent access to more than 1% of TVL for more than 1 minute, for less money than the value of the funds in question.
  • Any individual losses of at least 1% of their funds.
  • Pool losses with tokens with less than 6 decimals.

Points

  • A Critical Severity finding is worth 20 points.
  • A High severity finding is worth 10 points.(Same as the usual scoring mechanism)
  • A Medium severity finding is worth 3 points.(Same as the usual scoring mechanism)
  • Please note that in case of any ambiguity or categories outside of the above, the Judges+Cantina team will have the final say on the severity of the findings.
  • Please read the following description of how to submit a good finding
  • Scoring described in the competition scoring page.
  • Findings Severities described in detail on our docs page.

Documentation

Scope

  • Repository: https://github.com/balancer/balancer-v3-monorepo
  • Commit: 147823666ff6556de2a01c6762ed688ab81a6a33
  • Files: Everything inside
    • pkg/vault/contracts (and dependencies)
    • pkg/pool-weighted/contracts/WeightedPool.sol (and dependencies)
    • pkg/pool-stable/contracts/StablePool.sol (and dependencies)

Build Instructions

Out of scope

Non-standard token types:

  • Rebasing tokens (e.g. stETH)
  • Double entrypoint (e.g. CELO)
  • More than 18 decimals
  • Tax on transfer.
  • Fee discounts on pools with tokens with less than 6 decimals

Swap fee equivalence

  • Swaps can be performed using unbalanced add / remove liquidity operations. In general, these should be less convenient than a direct swap. There might be edge cases in which the trader can get a small fee rebate when compared to the direct swap path. This is a known side effect of the design, and is not a problem (unless it leads to a loss of funds in the pool, which is a high severity issue).

Note: For TVL percentage values, assume the TVL is the same as in the current Balancer V2 Vault.

Previous Audit Reports

https://github.com/balancer/balancer-v3-monorepo/tree/main/audits

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

Summary

Status

Completed

Total reward:

$500,000

Findings submitted:

275

Start date:

15 Oct 2024 3:00pm (local time)

End date:

5 Nov 2024 8:00pm (local time)