Beraborrow / beraborrow-blockend
Beraborrow is a CDP featuring stablecoin loans backed by native Berachain assets, ETH LSTs, BTC derivatives, yield-bearing stablecoins and Proof of Liquidity assets (iBGT & iBERA).
Based on Prisma Finance architecture (initial fork was done against this commit), which is based on Liquity’s, but enabling multi-collateral support and more control over key collateral parameters.
Introduce a novel tokenized Stability Pool and collaterals are wrapped on CollateralVaults, which makes your collaterals further yield bearing by autocompounding PoL rewards
Prize Distribution and Scoring
-
Total Prize Pool: $52,500
-
Additional pay for dedicated Cantina Researcher 1: $31,250
-
Additional pay for dedicated Cantina Researcher 2: $31,250
Early Submission Incentive
To make sure the code launch is completed on schedule, researchers are incentivized to submit High/Medium severity findings early, ie: as soon as one is found. The first valid submission will be rewarded an additional 20% reward, in comparison to its subsequent duplicates.
- The finding must identify the root cause, highest valid impact and describe the finding with all the necessary details to consider it valid.
- Please note that low quality or vague submissions or submissions that could be subject to interpretations will not be considered for the additional reward.
- The escalation process will not apply for these rewards and there will be no discussion for these rewards. The decision made by the Judges/protocol team on these rewards will be final.
- Example: If a finding has 5 duplicates.
- Using regular each of the duplicates would get $2000 each
- With the current incentive of 20%. The earliest valid submission gets $2307.72, and the rest of the duplicates get $1923.07 each.
Scoring described in the competition scoring page.
Findings Severities described in detail on our docs page.
Documentation
Scope
- https://github.com/Beraborrowofficial/blockend/
- commit hash:
18be80fe0984b4374954939632fd9a9c5634730e- src/core/*
- src/dao/BrimeDen
- src/dao/PollenToken
- src/periphery/* (excluding preDepositHook)
- src/dependencies/*
- src/libraries/*
Build Instructions
Due to a breaking change in one of dependencies the testing suite has been updated and the updated code can be found here Please use the new repository only to download the code and run the tests. DO NOT submit any findings there.
Build instructions can be found in README
For setup, various commands mentioned have to be run due to the library versions mismatch.
Basic POC Test
We have a very wide test suite with unit, BTT, fuzzing and invariant tests.
We recommend POCs to be done in the related test file where the vulnerability is in.
Otherwise, you can leverage our BaseProxyTest.t.sol, which points to an anvil instanced with bArtio testnet.
Out of scope
- Previous security reports
- Bima findings
- Liquity Known Issues
- Comment acknowledgements of related functions.
- Known issues: TBD
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
Summary
Status
CompletedTotal reward:
$52,500
Findings submitted:
103
Start date:
8 Feb 2025 5:30am (local time)
End date:
7 Mar 2025 8:00pm (local time)