Platform: Code4rena
Start Date: 30/10/2021
End Date: 01/11/2021
Period: 3 days
Status: Completed
Reporters: itsmetechjay, CloudEllie
Pot Size: $35,000 ETH
Participants: 16
Reporters: itsmetechjay, CloudEllie
Judge: alcueca
Id: 48
League: ETH
kenzo | 1/16 | $10,594.91 | 4 | 0 | 0 | 2 | 1 | - | - | 0 |
hickuphh3 | 2/16 | $6,681.46 | 3 | 0 | 0 | 1 | 0 | - | - | 0 |
pmerkleplant | 3/16 | $4,611.63 | 3 | 0 | 0 | 1 | 0 | - | - | 0 |
cmichel | 4/16 | $4,064.26 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
pauliax | 5/16 | $2,993.71 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
ye0lde | 6/16 | $2,103.76 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
daejunpark | 7/16 | $1,486.33 | 2 | 0 | 0 | 1 | 0 | - | 0 | 0 |
WatchPug | 8/16 | $971.12 | 3 | 0 | 0 | 1 | 0 | - | - | 0 |
gpersoon | 9/16 | $588.84 | 2 | 0 | 0 | 1 | 0 | - | 0 | 0 |
pants | 10/16 | $472.76 | 1 | 0 | 0 | 0 | 0 | 0 | - | 0 |
Auditor per page
Slingshot.sol defines the general logic by which a transaction is handled and executed.
The specific logic for each DEX/AMM is defined within its own corresponding module that is stored in the module registry.
Slingshot.sol references these modules to appropriately execute a trade. Slingshot.sol also performs some safety checks to account for slippage and security. Slingshot.sol expect parameters to be passed from the Slingshot backend that provide the details related to how a given transaction should be executed.
rescueTokens and rescueTokensFromExecutioner can be gamed however it is not a concern. They are in place "just in case" and should not be used in the first place.
All modules must be registered in ModuleRegistry.sol. Only trusted code can be registered as a module by registry admin.
It handles all users approvals. It exists to separate the approvals from execution layer. Operated by System admin.
System admin is a multisig and is the most trusted role in the system. It has the power to accept new version of Slingshot protocol and carry over all user approvals.
Creates separate execution environment for trades. Big reason for this contract to exists is to decouple roles of ModuleRegistry.sol admin and System admin.
ModuleRegistry.sol admin should be able to register new modules at will for smooth development process. This role is trusted admin however, he should not be able to introduce any system wide backdoors by registering malicious modules. For example, it should not be possible for a ModuleRegistry.sol admin to abuse user's approvals given to ApprovalHandler.sol.
Access control contract based on OpenZeppelin's AccessControl.
Trading module for Balancer protocol.
Trading module for BalancerV2 protocol.
Trading module for Curve protocol.
Trading module for SushiSwap protocol.
Trading module for Uniswap protocol.