Size Credit / size-solidity

Size is a fixed-rate lending marketplace built on an order book where offers are expressed like yield curves, allowing efficient and continuous pricing across markets and maturities. This upgrade, version 1.7, introduces an authorization feature that enables users to allow other operator accounts to perform specific actions on their behalf, which can unlock more complex strategies and automations. In addition, it improves our access control management by centralizing roles on the factory contract, instead of in individual market deployments.

Prize Distribution and Scoring

• Total Prize Pool: $15000
• Additional pay for dedicated Cantina researcher: $12000

Scoring described in the competition scoring page.

Findings Severities described in detail on our docs page.

Documentation

• Github Repo
• Docs
• PR-#157
• PR-#160
• Code walkthrough

Scope

• Repository: https://github.com/SizeCredit/size-solidity
• Commit: 8f1da42d2209a6083e152eb0bc19031aaf9d79c6
• Total LOC: 4298
• Files:
  • src/
    • Note: The codebase has been previously audited, so auditors are asked to focus on v1.7 changes as highlighted by the pull request links.

Build Instructions

forge install
forge test

Basic POC Test

• POC rule applies for this competition. A coded POC must be provided for all H/M findings before end of competition.

  • Proof Of Concept test file

Out of scope

• Previous security reports:
  • https://github.com/SizeCredit/size-solidity/tree/main/audits
• Expected behaviors such as trusted/untrusted roles and/or any accepted risks: Described in project's README
• Automated findings by Lightchaser https://gist.github.com/ChaseTheLight01/5860fa9a5c611986d3163a6b69fb62f1

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.