Sherlock contest

Decentralized exploit protection.

Twitter

General Information

Platform: Code4rena

Start Date: 22/07/2021

End Date: 28/07/2021

Period: 7 days

Status: Completed

Reporters: moneylegobatman, ninek

Pot Size: $80,000 USDC

Participants: 14

Reporters: moneylegobatman, ninek

Judge: ghoulsol

Id: 21

League: ETH

Findings Distribution

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository

Leaderboard


cmichel	1/14	$19,550.14	5	1	2	1	-	-
gpersoon	2/14	$17,918.99	5	1	2	2	-	-
shw	3/14	$11,670.34	3	0	1	0	-	-
pauliax	4/14	$9,341.61	2	0	0	0	-	-
walker	5/14	$7,742.33	4	2	1	0	-	0
hrkrshnn	6/14	$4,312.24	3	1	0	0	-	-
jonah1005	7/14	$3,699.70	2	1	0	0	0	-
hickuphh3	8/14	$2,759.56	2	0	0	0	-	-
eriksal1217	9/14	$1,001.15	2	0	0	0	-	-
tensors	10/14	$459.96	2	0	0	0	-	-

14 auditor(s).

Auditor per page

Page 1 of 2

Sherlock contest details

$72,000 USDC main award pot
$8,000 USDC gas optimization award pot
Join C4 Discord to register
Submit findings using the C4 form
Read our guidelines for more details
Starts 2021-07-22 00:00 UTC
Ends 2021-07-28 23:59 UTC

Contest scoping

Sherlock is a protocol on the Ethereum blockchain that protects Decentralized Finance (DeFi) users from exploits with proprietary security analysis and protocol-level coverage.

There are 3 main participants in the Sherlock ecosystem:

Protocols accrue debt to the solution over time, in return, their end users are compensated in case of an exploit at protocol level.
Stakers provide capital to the solution, their capital is used in case of an exploit payout. In return for the risk they are rewarded SherX, a token which can be redeemed for underlying protocol premium tokens.
Security team (watsons) is a decentralized group incentivized to keep protocols safe and signal protocol premium pricing to the Sherlock DAO.

Smart Contracts

Contract	Lines	External Contracts	Libraries (OpenZeppelin)	Libraries (other)	Libraries (internal)	Info
`ForeignLock.sol`	2	X	Ownable			ERC20 tokens used to represent tokens staked in the solution
`NativeLock.sol`	5	X	Ownable			ERC20 token used to represent SHERX staked in the solution
`facets/Gov.sol`	142	X	SafeMath, SafeERC20	LibDiamond		Facet containing the logic used to govern the solution.
`facets/GovDev.sol`	6	X		LibDiamond		Facet used for remove/add/update solidity code in the solution.
`facets/Manager.sol`	124	X	SafeMath		LibPool, LibSherX	Facet used to mananage protocol premiums and the amount of SHERX being minted
`facets/Payout.sol`	66	X	SafeMath, SafeERC20	LibDiamond	LibPool, LibSherX, LibSherXERC20	Facet used to initiate payouts in case of an exploit
`facets/PoolBase.sol`	143	X	SafeMath, SafeERC20		LibPool	Facet used for every token in the solution. For staker actions and protocol actions.
`facets/PoolDevOnly.sol`	2	X	SafeERC20	LibDiamond	LibPool	Facet used to whitelist a certain address to access the staking function.
`facets/PoolOpen.sol`	12	X	SafeERC20		LibPool	Facet used to for staking without whitelist.
`facets/PoolStrategy.sol`	36	X	SafeMath, SafeERC20			Facet used for yield strategies for staker tokens
`facets/SherX.sol`	124	X	SafeMath, SafeERC20		LibPool, LibSherX, LibSherXERC20	Facet used for SHERX related functions, like redeeming underlying
`facets/SherXERC20.sol`	44	X	SafeMath	LibDiamond	LibSherXERC20	Facet used for the ERC20 function of SHERX
`libraries/LibPool.sol`	35	X	SafeMath, SafeERC20			Internal libary used for token pool related functions
`libraries/LibSherX.sol`	52	X	SafeMath, SafeERC20		LibPool, LibSherXERC20	Internal libary used for SHERX related functions
`libraries/LibSherXERC20.sol`	10	X	SafeMath			Internal libary used for ERC20 related functions
`strategies/AaveV2.sol`	26	Aave V2	SafeMath, SafeERC20, Ownable			Strategy used to deposit tokens into Aave V2.

Sherlock V1 (solution) is built using Diamonds (EIP 2535), basically meaning all the contracts in the facets folder live at the same address and share the same storage. The solution is ERC20 compatible, the ERC20 exposed functions are defined in facets/SherXERC20.sol.

Natspec comments can be read from the interfaces folder.

Areas of concern

The payout function is long and complex
Redeeming SHERX
_doYield() function in the SherX facet.
The different functions for updating premiums and token pricing. Focussing on economic exploits.

More info

Conceptual overview (YouTube)
Code overview (YouTube)
Sherlock Docs
Sherlock Goerli; WARNING code doesn't match 100% with the code in this repo.