Centrifuge / Centrifuge
Centrifuge is the infrastructure that facilitates the decentralized financing of real-world assets natively on-chain, creating a fully transparent market which allows borrowers and lenders to transact without unnecessary interme- diaries. The protocol aims to lower the cost of borrowing for businesses around the world, while providing DeFi users with a stable source of collateralized yield that is uncorrelated to the volatile crypto markets. Centrifuge Chain is the layer 1 chain built on Substrate, where asset managers tokenize and manage pools of real-world assets. Liquidity is aggregated from any L1 or L2, through Liquidity Pools, which provides a fully-native investment experience to users on any supported Ethereum-based chain. For example, Liquidity Pools deployed on Base allows for Base users to invest funds into a pool of Real-World Assets on Centrifuge — all without having to move off of Base or use a different wallet.
Prize distribution and scoring
Total Prize Pool: $125,000
Primary Prize Pool: $115,000
- The primary prize distribution has 2 possible triggers:
- If one or more valid medium severity findings are found, the Primary pot size is $25,000
- If one or more valid high severity findings are found, the Primary pot size is $115,000
- Scoring described in the competition scoring page.
- Findings Severities described in detail on our docs page.
- $10,000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.
- 1st: $5k
- 2nd: $2.5k
- 3rd: $1.25k
- 4th: $625
- 5th: $625
Documentation
Scope
Repo: Centrifuge Chain
Contracts
| File | SLOC |
|---|---|
| pallets/liquidity-pools-gateway-queue/src/lib.rs | 170 |
| pallets/liquidity-pools-gateway/src/message.rs | 14 |
| pallets/liquidity-pools-gateway/src/lib.rs | 440 |
| pallets/liquidity-pools-gateway/src/message_processing.rs | 362 |
| pallets/liquidity-pools/src/message.rs | 826 |
| pallets/liquidity-pools/src/lib.rs | 934 |
| pallets/liquidity-pools/src/hooks.rs | 96 |
| pallets/liquidity-pools/src/gmpf/error.rs | 35 |
| pallets/liquidity-pools/src/gmpf/ser.rs | 244 |
| pallets/liquidity-pools/src/gmpf/de.rs | 193 |
| pallets/liquidity-pools/src/inbound.rs | 140 |
| pallets/foreign-investments/src/lib.rs | 180 |
| pallets/foreign-investments/src/impls.rs | 168 |
| pallets/foreign-investments/src/entities.rs | 301 |
| pallets/foreign-investments/src/swaps.rs | 115 |
| pallets/order-book/src/lib.rs | 591 |
| pallets/token-mux/src/lib.rs | 267 |
| pallets/investments/src/lib.rs | 1045 |
| runtime/common/src/routing.rs | 96 |
| libs/types/src/domain_address.rs | 89 |
| libs/types/src/tokens.rs | 467 |
| libs/types/src/investments.rs | 125 |
| libs/traits/src/investments.rs | 153 |
| libs/traits/src/liquidity_pools.rs | 82 |
| libs/traits/src/swaps.rs | 64 |
| Total | 7197 |
Code Overview
Build Instructions
- All instructions are present in the document here
Out of scope
- Centrifuge Chain Runtime configuration of pallets
- However, findings on possible misconfiguration of pallets in scope will be considered
- Any issue that requires governance or admin actions
- Adding assets is controlled by CFG governance, and governance will only add standard tokens (limited to reasonable decimals i.e. <= 18), no rebasing tokens, fee-on-transfer tokens, tokens with callbacks, etc.
- Any issues from Solidity LP audits that also apply to logic of Rust code
- Any sections of the files in scope under
#[cfg(test)]or feature-gated byruntime-benchmark - Overestimated weights
- Forwarding not implemented on Solidity side
- Tranche tokens can be stuck if a cross-chain transfer is performed to a destination that is not a member, or an invalid domain, or an invalid address
- Gas for routing is not paid automatically
- Batches can be submitted that are overweight on the destination domain
- Liquidity can be locked if a pool admin disallows all assets
- Investments are only fulfilled if the
collect_investments/redemptions_formethod is triggered by a user or bot on Centrifuge Chain - Previous Security Audits
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
Summary
Status
CompletedTotal reward:
$125,000
Findings submitted:
315
Start date:
19 Aug 2024 8:00pm (local time)
End date:
16 Sep 2024 8:00pm (local time)