YOLO Games
Total reward
$27,500
Status
Completed
Findings submitted
199
Start date
27 May 2024
End date
8 Jun 2024
YOLO Games is the hub of degen gaming. Play and earn across a range of provably fair, on-chain games.
We have developed 4 new games where players play against the liquidity pool.
-
Flipper - pick a side on a provably fair coin. If it lands on your predicted side, you win. If not, you lose.
-
Quantum - pick a number between 0.1 (1000x multiplier) and 95.00285 (1.0526x multiplier). Then select whether you want to 'hit' over or under it.
-
Laser Blast - you'll fire beams through an asteroid field to decimate the pesky invaders. Each one has a multiplier attached, representing the return you'll earn should you hit them. Adjust the number of rows of asteroids and risk level as you see fit!
-
Don't Fall In - Ever played Minesweeper? You're presented with panels arranged in a 5x5 grid, which you'll need to jump on. In doing so, you'll reveal what lies beneath: firm ground, or a pool of molten lava. If it's the latter, it's game over. The former? Congrats, you live to flip another panel --- or, you can quit while you're ahead, and cash out.
Prize distribution and scoring
Total Prize Pool $27,500
- Scoring described in the competition scoring page.
- Findings Severities described in detail on our docs page.
- Only High and Medium findings would be accepted for Total Prize Pool.
Documentation
Please refer the competition repository README for the documention on the YOLO Games contract. Additional documentation:
- YG Probability and Liquidity Provisions
- YG_Liquidity Pool Simulations
- YG Multipliers and probabilities
Scope
Contracts
| Contract | nSLOC | Comments |
|---|---|---|
DontFallIn.sol | 379 | 171 |
ERC20LiquidityPool.sol | 55 | 24 |
EthLiquidityPool.sol | 60 | 24 |
Flipper.sol | 191 | 77 |
Game.sol | 218 | 122 |
GameConfigurationManager.sol | 199 | 118 |
LaserBlast.sol | 279 | 134 |
LiquidityPool.sol | 84 | 52 |
LiquidityPoolRouter.sol | 372 | 188 |
Quantum.sol | 220 | 112 |
Code Overview
Build Instructions
*yarn install \--ignore-scripts*
*forge install foundry-rs/forge-std*
*forge install dapphub/ds-test*
*forge install gelatodigital/vrf-contracts*
*FOUNDRY_PROFILE=local forge test*Proof of Concept Instructions
A basic POC can be found inside the repo:
-test/foundry/AttackPoC.t.sol
Out of scope
-
Previous security review:
-
Standard tokens used:
- ETH
- Any non-rebasing and non-taxing ERC-20 tokens except USDB
-
Chains:
- Blast
-
Admin/Permissioned roles
-
Claim WETH/USDB yield
-
Connect games to liquidity pools
-
Disconnect games from liquidity pools
-
Set elapsed time required for refund
-
Set maximum number of rounds
-
Set liquidity pool limit
-
Set Kelly Fraction basis points
-
Set VRF parameters
-
Set fee recipients
-
Set game fee split
-
Set LaserBlast multipliers
-
Pause/Unpause liquidity pools
-
Out of scope automated findings generated by LightChaser
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.