Curvance Competition
Competition at a glance
- Monday, February 26th 20:00 UTC to Thursday, April 15th 20:00 UTC
- Total Prize Pool: $375,000
What is Curvance
Curvance at a glance
Curvance is a cross-chain money market for yield-bearing assets. Maximize yield while leveraging the full value of your assets. Curvance simplifies DeFi with a modular system capable of creating complex strategies for users in a single click.
Curvance operates as a hybrid model between a yield optimizer and a cross-margin money market. This model has various characteristics atypical for incumbent money markets such as:
- Collateral deposits and debt deposits receive two different types of tokens, collateral tokens (cTokens) and debt tokens (dTokens).
- Rehypothecation has been removed. This allows for the support of long-tail assets which, if borrowable, could introduce systemic risk to DeFi.
- Collateral posting: under the hybrid model, users can yield farm an unlimited amount of assets, but to leverage the corresponding money market the collateral must be "posted", as on a perpetual exchange. Collateral posting has restrictions on the total amount of exogenous risk allowed to be introduced into the system.
- Dynamic interest rates with interest rate decay: the vertex slope can be adjusted upward or downward based on utilization, similar to Kashi; however, a new continuous negative decay rate is applied every cycle when the interest rate slope is elevated.
- Dynamic liquidation engine: allows for more nuanced position management inside the system, introducing a sliding scale of liquidation between light soft liquidations and aggressive hard liquidations.
- Bad debt socialization: when a user's debt is greater than their collateral assets, the user's entire account can be liquidated, with lenders paying any collateral shortfall.
- Cross-chain gauge system: a gauge system that allows reward streaming to collateral depositors and lenders, configurable by token and with no limit on the number of different token rewards streamed.
- Delegated actions: the ability to delegate user actions to any address, allowing support for things like limit orders, DCA, take profit, cross-chain borrowing and cross-chain lending. Some of these are already built in this repo; others are not.
Prize distribution and scoring
- Scoring described in the competition scoring page.
- Findings Severities described in detail on our docs page.
- Only High and Medium findings will be accepted.
Documentation
Scope
The "contracts" folder contains all the smart contracts you will be auditing, excluding:
- mocks
- libraries/external
- interfaces/external
Two Solady contracts developed by Vectorized have been included in the audit, as we are huge advocates for highly optimized versions of common contract formats and would like to see these fully audited. This means the partial FixedPointMathLib and ERC4626 contracts inside the library folder are intentionally included and are considered in scope.
- Repository: github.com/curvance/Curvance-CantinaCompetition
- Commit: c01e6bda82a60ac4842bf0d3363d63e89c870758
- Total LOC: 15558 (excluding interfaces)
File | blank | comment | code |
---|---|---|---|
Architecture | |||
./architecture/CentralRegistry.sol | 226 | 444 | 607 |
./architecture/FeeAccumulator.sol | 122 | 202 | 536 |
./architecture/ProtocolMessagingHub.sol | 73 | 142 | 353 |
./architecture/blastNative/BlastNativeYieldManager.sol | 82 | 132 | 292 |
./architecture/utils/SimpleRewardZapper.sol | 86 | 157 | 240 |
./architecture/FeeTokenBridgingHub.sol | 36 | 41 | 166 |
./architecture/CVELocker.sol | 87 | 225 | 360 |
./architecture/OneBalanceFeeManager.sol | 34 | 36 | 103 |
./architecture/CurvanceDAOTimelock.sol | 14 | 14 | 52 |
./architecture/blastNative/BlastCentralRegistry.sol | 28 | 44 | 83 |
./architecture/blastNative/BlastFeeAccumulator.sol | 5 | 2 | 12 |
./architecture/utils/blastNative/BlastSimpleRewardZapper.sol | 5 | 2 | 12 |
./architecture/blastNative/BlastProtocolMessagingHub.sol | 5 | 2 | 10 |
./architecture/blastNative/BlastCVELocker.sol | 5 | 2 | 9 |
Gauge | |||
./gauge/GaugePool.sol | 102 | 197 | 425 |
./gauge/GaugeController.sol | 32 | 49 | 116 |
./gauge/GaugeErrors.sol | 1 | 1 | 12 |
./gauge/blastNative/BlastGaugePool.sol | 5 | 2 | 10 |
Interfaces | |||
./interfaces/market/IMarketManager.sol | 25 | 116 | 90 |
./interfaces/ICentralRegistry.sol | 48 | 63 | 78 |
./interfaces/market/IMToken.sol | 25 | 102 | 53 |
./interfaces/IVeCVE.sol | 11 | 39 | 36 |
./interfaces/ICVELocker.sol | 14 | 65 | 31 |
./interfaces/market/IInterestRateModel.sol | 1 | 32 | 30 |
./interfaces/IProtocolMessagingHub.sol | 7 | 34 | 26 |
./interfaces/IERC20.sol | 14 | 32 | 25 |
./interfaces/IGaugePool.sol | 5 | 27 | 25 |
./interfaces/IOracleRouter.sol | 7 | 45 | 25 |
./interfaces/blast/IBlastNativeYieldManager.sol | 1 | 27 | 22 |
./interfaces/market/IPositionFolding.sol | 2 | 22 | 15 |
./interfaces/IOracleAdaptor.sol | 3 | 17 | 14 |
./interfaces/IRewardStaking.sol | 11 | 1 | 14 |
./interfaces/IFeeAccumulator.sol | 2 | 4 | 12 |
./interfaces/ICVXLocker.sol | 3 | 4 | 10 |
./interfaces/IGelatoOneBalance.sol | 2 | 1 | 9 |
./interfaces/ICVE.sol | 5 | 21 | 8 |
./interfaces/IExternalCallDataChecker.sol | 2 | 7 | 8 |
./interfaces/IERC20Metadata.sol | 5 | 5 | 7 |
./interfaces/IDelegateRegistry.sol | 3 | 1 | 6 |
./interfaces/IWETH.sol | 2 | 1 | 5 |
./interfaces/blast/IBlastCentralRegistry.sol | 2 | 1 | 5 |
./interfaces/IERC165.sol | 1 | 18 | 4 |
./interfaces/ITimelock.sol | 1 | 3 | 4 |
Libraries | |||
./libraries/ERC4626.sol | 51 | 260 | 216 |
./libraries/VelodromeLib.sol | 37 | 69 | 199 |
./libraries/CurveLib.sol | 22 | 35 | 123 |
./libraries/BalancerLib.sol | 15 | 30 | 104 |
./libraries/SwapperLib.sol | 27 | 49 | 104 |
./libraries/Delegable.sol | 23 | 55 | 66 |
./libraries/FixedPointMathLib.sol | 23 | 83 | 93 |
./libraries/Bytes32Helper.sol | 13 | 19 | 31 |
./libraries/ReentrancyGuard.sol | 7 | 21 | 27 |
./libraries/BlastYieldDelegable.sol | 7 | 12 | 23 |
./libraries/CommonLib.sol | 5 | 8 | 15 |
./libraries/Constants.sol | 7 | 7 | 7 |
Market | |||
./market/MarketManager.sol | 207 | 587 | 926 |
./market/collateral/DToken.sol | 192 | 507 | 731 |
./market/utils/ComplexZapper.sol | 73 | 289 | 478 |
./market/collateral/CTokenBase.sol | 103 | 389 | 459 |
./market/LiquidityManager.sol | 60 | 268 | 445 |
./market/DynamicInterestRateModel.sol | 85 | 408 | 444 |
./market/collateral/CTokenCompounding.sol | 96 | 274 | 398 |
./market/utils/PositionFolding.sol | 85 | 203 | 361 |
./market/collateral/AuraCToken.sol | 61 | 80 | 217 |
./market/collateral/GMCToken.sol | 65 | 67 | 205 |
./market/utils/SimpleZapper.sol | 50 | 98 | 202 |
./market/collateral/Convex2PoolCToken.sol | 62 | 72 | 189 |
./market/collateral/Convex3PoolCToken.sol | 62 | 72 | 189 |
./market/collateral/CTokenPrimitive.sol | 48 | 130 | 186 |
./market/collateral/PendleLPCToken.sol | 48 | 62 | 182 |
./market/checker/CallDataCheckerFor1Inch.sol | 27 | 10 | 164 |
./market/collateral/AerodromeStableCToken.sol | 44 | 64 | 156 |
./market/collateral/VelodromeStableCToken.sol | 44 | 63 | 156 |
./market/collateral/AerodromeVolatileCToken.sol | 42 | 63 | 153 |
./market/collateral/VelodromeVolatileCToken.sol | 44 | 54 | 153 |
./market/collateral/StakedGMXCToken.sol | 37 | 38 | 100 |
./market/checker/CallDataCheckerBase.sol | 20 | 34 | 75 |
./market/collateral/CTokenCompoundingWithExitFee.sol | 23 | 57 | 47 |
./market/collateral/blastNative/BlastCTokenCompounding.sol | 13 | 15 | 41 |
./market/utils/BorrowZapper.sol | 15 | 17 | 49 |
./market/collateral/blastNative/BlastDToken.sol | 5 | 2 | 16 |
./market/utils/blastNative/BlastComplexZapper.sol | 5 | 2 | 14 |
./market/utils/blastNative/BlastSimpleZapper.sol | 5 | 2 | 14 |
./market/blastNative/BlastMarketManager.sol | 5 | 2 | 12 |
./market/utils/blastNative/BlastPositionFolding.sol | 5 | 2 | 12 |
./market/utils/blastNative/BlastBorrowZapper.sol | 5 | 2 | 10 |
Misc | |||
./misc/CVEInitialDistribution.sol | 49 | 68 | 196 |
./misc/CurvanceDAOLBP.sol | 56 | 66 | 189 |
Oracles | |||
./oracles/OracleRouter.sol | 133 | 374 | 497 |
./oracles/adaptors/curve/Curve2PoolLPAdaptor.sol | 59 | 124 | 234 |
./oracles/adaptors/gmx/GMAdaptor.sol | 56 | 73 | 173 |
./oracles/adaptors/chainlink/ChainlinkAdaptor.sol | 50 | 100 | 165 |
./oracles/adaptors/uniswap/UniswapV3Adaptor.sol | 48 | 70 | 155 |
./oracles/adaptors/api3/Api3Adaptor.sol | 47 | 87 | 142 |
./oracles/adaptors/redstone/BaseRedstoneCoreAdaptor.sol | 44 | 95 | 132 |
./oracles/adaptors/uniV2Base/BaseStableLPAdaptor.sol | 33 | 79 | 127 |
./oracles/adaptors/balancer/BalancerStablePoolAdaptor.sol | 42 | 60 | 123 |
./oracles/adaptors/pendle/PendlePrincipalTokenAdaptor.sol | 42 | 62 | 119 |
./oracles/adaptors/pendle/PendleLPTokenAdaptor.sol | 41 | 63 | 118 |
./oracles/adaptors/uniV2Base/BaseVolatileLPAdaptor.sol | 32 | 71 | 99 |
./oracles/adaptors/wrappedAggregators/BaseWrappedAggregator.sol | 22 | 32 | 88 |
./oracles/adaptors/curve/CurveBaseAdaptor.sol | 24 | 29 | 66 |
./oracles/adaptors/redstone/ArbitrumRedstoneCoreAdaptor.sol | 12 | 11 | 20 |
./oracles/adaptors/redstone/EthereumRedstoneCoreAdaptor.sol | 12 | 11 | 20 |
./oracles/adaptors/wrappedAggregators/SavingsDaiAggregator.sol | 6 | 7 | 25 |
./oracles/adaptors/wrappedAggregators/StakedFraxAggregator.sol | 7 | 7 | 24 |
./oracles/adaptors/wrappedAggregators/WstETHAggregator.sol | 7 | 6 | 24 |
./oracles/adaptors/velodrome/VelodromeVolatileLPAdaptor.sol | 15 | 15 | 40 |
./oracles/adaptors/camelot/CamelotStableLPAdaptor.sol | 15 | 15 | 36 |
./oracles/adaptors/camelot/CamelotVolatileLPAdaptor.sol | 15 | 15 | 36 |
./oracles/adaptors/velodrome/VelodromeStableLPAdaptor.sol | 15 | 15 | 36 |
./oracles/adaptors/balancer/BalancerBaseAdaptor.sol | 15 | 46 | 29 |
./oracles/adaptors/BaseOracleAdaptor.sol | 19 | 30 | 40 |
Token | |||
./token/VeCVE.sol | 191 | 471 | 784 |
./token/OCVE.sol | 55 | 57 | 184 |
./token/CVE.sol | 53 | 81 | 156 |
./token/ChildCVE.sol | 27 | 39 | 86 |
./token/blastNative/BlastCVE.sol | 5 | 2 | 8 |
./token/blastNative/BlastVeCVE.sol | 5 | 2 | 8 |
SUM: | 4333 | 9363 | 16120 |
Out of scope
- Out of scope detailed in CANTINA_README.md#areas-considered-out-of-scope
Out of scope automated findings generated by LightChaserV3
Build Instructions
The project readme details the build instructions.
Basic Proof Of Concept test
From the CANTINA_README:
### Tests
Attached in this repo you will find just over 1,000 tests in categories such as unit tests/integration tests/stateless fuzzing tests. Additionally, you will also find a substantial stateful fuzzing testing harness with just over 200 invariants tests. This was built in collaboration with Trail of Bits and covers VeCVE and most of the Curvance Money Markets. You can also find an attached readme in the fuzzing suite folder covering running the harness locally or in the cloud. Other tests can be run simply via forge tests. Additional information on running the test suite can be found in the repo readme.
### Proof of Concepts
As part of the test suite inside Curvance, you will find many testing base contracts that set up Curvance and test various functionality. These are perfect to utilize when you want to work on a proof of concept for a bug. Feel free to mess around with the test suite and to modify the testing deployments for whichever scenarios you would like to explore.
Contact Us
For any issues or concerns regarding this competition, please reach out to core-team on Discord.
Summary
Status
Completed
Total reward:
$375,000
Findings submitted:
797
Start date:
27 Feb 2024 1:45am (local time)
End date:
15 Apr 2024 8:00pm (local time)