Platform: Code4rena
Start Date: 14/10/2021
End Date: 20/10/2021
Period: 7 days
Status: Completed
Reporters: itsmetechjay, CloudEllie
Pot Size: $50,000 USDC
Participants: 14
Reporters: itsmetechjay, CloudEllie
Judge: 0xean
Id: 37
League: ETH
gpersoon | 1/14 | $22,727.27 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0 |
cmichel | 2/14 | $14,977.57 | 4 | 0 | 0 | 2 | 2 | - | - | 0 |
chenyu | 3/14 | $4,545.46 | 1 | 0 | 0 | 0 | 0 | - | 0 | 0 |
pants | 4/14 | $2,662.87 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
pmerkleplant | 5/14 | $2,431.97 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
hyh | 6/14 | $1,022.73 | 1 | 0 | 0 | 0 | 0 | - | 0 | 0 |
TomFrenchBlockchain | 7/14 | $708.62 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
pauliax | 8/14 | $461.80 | 1 | 0 | 0 | 0 | 0 | 0 | - | 0 |
ye0lde | 9/14 | $318.48 | 1 | 0 | 0 | 0 | 0 | 0 | - | 0 |
WatchPug | 10/14 | $143.32 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
Auditor per page
| Glossary | |
|---|---|
| Backing Token | Any token that can be deposited to earn some interest via lending or staking. Currently we support ETH, DAI, and USDC. |
| Yield Bearing Token (YBT) | Lending or staking token. Currently we support stETH, aTokens (aDAI, aUSDC), and cTokens (cDAI, cUSDC). |
| TempusPool | Holds all locked Yield Bearing Token, and is used to mint Principals and Yields on deposits, and to burn them on redemption in exchange for Yield Bearing Token. |
| Principals | Zero-coupon bond redeemable for 1 Backing Token after maturity. |
| Yields | Zero-coupon bond redeemable for Backing Tokens after maturity for the amount of yield accrued during the lifetime of the pool. Example: 10% yield would result in 0.1 Backing Token for each Yield share. |
| Tempus AMM | Tempus AMM implementation based on Stable Pools from Balancer v2. It is used for trading Principals against Yields. |
| LP token | Token that represent share in the Tempus AMM. Users get this token when they provide liquidity with Principals and Yields. |
| Tempus Controller | Entry point to the protocol. Used for all user-facing actions related to Tempus Pool. Only Tempus Controller singleton is allowed to operate on a Tempus Pool. |
This contest is open for one week. Submissions are open from the beginning until the end. Representatives from Tempus will be available in the Code Arena Discord to answer any questions during the contest period. The focus of the contest is to try and find any logic errors or ways to drain funds from the protocol in a way that is advantageous for an attacker at the expense of users with funds invested in the protocol. Gas optimization suggestions are also welcome.
Tempus is a future yield tokenization and fixed rate protocol.
Most forms of yield farming return a variable rate of yield. This means that liquidity providers can be subject to unpredictable fluctuations in their returns. Currently, there is no easy way to obtain a fixed yield or otherwise speculate on the returns in a capital-efficient way. This is where Tempus steps in, allowing users to perform two different use cases, each one offering a unique value proposition:
Users can deposit Backing Tokens or Yield Bearing Tokens to mint equal amounts of Principals and Yields. More information can be found in deposit docs.
Redemption has two different flows:
Users can redeem their funds into either Backing Tokens or Yield Bearing Tokens. You can find more in redemption docs.
All swaps between Principals and Yields are done via Tempus AMM. Information about our AMM can be found in TempusAMM docs or in our blog post.
All smart contracts are located in the contracts directory. However, we added mocked implementations of underlying lending/staking protocols (Lido, Aave, and Compound). These mocks are not in focus for this contest, as they are only used for unit testing of the underlying protocols. You can find these mocks in contracts/mocks.
Unit tests are located in test directory.
TempusController is used as the main entry point for all protocol related actions. It implements all batching actions as well (e.g. depositAndFix). The contract is implemented in TempusController.sol. It should be safe from reentrancy.
We have shared abstract implementation for Tempus pools. Abstract TempusPool is implemented in TempusPool.sol.
For now we implemented three different concrete pools integrating with Aave, Compound, and Lido:
pools/AaveTempusPool.solpools/CompoundTempusPool.solpools/LidoTempusPool.solPoolShare is the base contract for Principals and Yields. PrincipalShare and YieldShare are actual implementations for Principals and Yields. We have also two helper token implementations for fixed supply and owner mintable tokens. Here is a list of all tokens that we want to audit:
token/PoolShare.soltoken/PrincipalShare.soltoken/YieldShare.soltoken/ERC20FixedSupply.soltoken/ERC20OwnerMintableToken.solWe have few utility contracts/libraries:
utils/AMMBalancesHelper.sol (does some ratio calculations for AMM balances)utils/PermanentlyOwnable.sol (Ownable without the possibility to change ownership)utils/UntrustedERC20.sol (we use this for transfers of external tokens)math/Fixed256xVar.sol (fixed point math implementation for variable amount of decimals)Tempus AMM is implemented as a modification of Balancer Stable Pool. We use Balancer's Vault contracts for our deployments.
amm/TempusAMM.solamm/TempusAMMUserDataHelpers.solamm/VecMath.solContracts in the protocols directory are only interfaces for underlying protocols.
We did a security audit with Coinspect. The full report is available here.
yarn install (node and yarn is a prerequisite)yarn buildyarn test