Platform: Code4rena
Start Date: 30/11/2021
End Date: 02/12/2021
Period: 3 days
Status: Completed
Reporters: moneylegobatman, CloudEllie
Pot Size: $30,000 USDC
Participants: 21
Judge: pauliax
Id: 63
League: ETH
WatchPug | 1/21 | $6,967.18 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
danb | 2/21 | $6,557.61 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
cmichel | 3/21 | $4,747.40 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
Meta0xNull | 4/21 | $4,241.66 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
loop | 5/21 | $3,310.08 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
0x0x0x | 6/21 | $1,550.17 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
defsec | 7/21 | $1,079.27 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
gzeon | 8/21 | $957.10 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
hickuphh3 | 9/21 | $86.99 | 2 | 0 | 0 | 0 | 0 | - | - | 0 |
TomFrenchBlockchain | 10/21 | $80.82 | 1 | 0 | 0 | 0 | 0 | 0 | - | 0 |
Glossary | Description | Address |
---|---|---|
TRIBE (Tribe) | ERC20 governance token for Fei Protocol | 0xc7283b66eb1eb5fb86327f08e1b5816b0720212b |
RGT (Rari Governance Token) | ERC20 governance token for Rari Capital | 0xD291E7a03283640FDc51b121aC401383A46cC623 |
FEI (Fei) | Algo-Stablecoin | 0x956F47F50A910163D8BF957Cf5846D573E7f87CA |
PegExchanger | Contract which facilitates RGT->TRIBE conversions | To Be Deployed |
TribeRagequit | Contract which facilitates TRIBE->FEI conversions | To Be Deployed |
TribeTimelock | Timelock contract for Tribe governance | 0xd51dba7a94e1adea403553a8235c302cebf41a3c |
RgtTimelock | Timelock contract for RGT governance | 0x8ace03fc45139fddba944c6a4082b604041d19fc |
Oracle | Tribe collaterizationOracle which gives information on the Fei protocol for exchange | 0xd1866289B4Bd22D453fFF676760961e0898EE9BF |
This repo contains the contracts & simulations to facilitate the proposed merger of the TRIBE and FEI DAOs.
One contract facilitates the token exchange of RGT to TRIBE, given that the protocol merger proposal passed on both protocols.
The other contract facilitates the token exchange of TRIBE to FEI, an option given only to those who held TRIBE, fTRIBE, or had a stake in the UniV2 TRIBE-FEI LP pool. The merkle root is the following: 0x04170710c105bbd5d0e7df59842638c8229c73808c4e1bc7ccd2547d5c7ba428
Both contracts require the timelocks of both DAOs to submit a transaction confirming that they want the contract to be activated, and only then may users exchange their RGT or claim their FEI. We can facilitate a trustless token buyout with the smart contract as an escrow with this system in place.
Also in scope for this competition, there are three simulations that together describe a relatively trustless governance process.
Finally, we detail the process in which the merkle tree was generated, using the set of scripts in ./scripts/
These produce output in the folder ./merkle/, each script producing output with a matching numeric header.
Example output used to generate the existing merkle tree is in the directory ./sample_merkle
To run from scratch, source each step in order with npx hardhat run ./scripts/n_xyz.ts
Alternatively, type make merkle. This script will resume from the latest completed step (indicated by presence of file).
All the contracts in this section are to be reviewed. Any contracts not on this list are to be ignored for this contest.
Summary: Contract which allows RGT to be swapped for TRIBE at a pre-specified ratio.
Externally Calls:
transferFrom
transferFrom
Summary: Contract which allows previous TRIBE holders to swap their TRIBE for FEI at intrinsic value.
Externally Calls:
transferFrom
mint
pcvStats
There are no external libraries used.
Exchangers will be left with an amount of dust equal to balance % token0InBase. This is expected.
The most complicated part of this contract is the validation of the merkle tree. While the logic is ripped from OZ, there could still be issues within their implementation.
Beyond that, both contracts are rather short (~250 lines total), so every piece of logic, regardless of how trivial, is critical and should be treated as such.
Factors related to the process by which these contracts are used may also be considered, such as but not limited to an attacker's ability to rehypothecate and infinitely exchange funds.
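The sorted-pair proof check that the Merkle validation above borrows from OpenZeppelin, shown with a matching tree builder, as an added JavaScript example that is not code from this repo. SHA-256 stands in for keccak256 so it runs on Node's standard library alone; the (address, amount) leaf layout and the snapshot values are assumptions.

```javascript
// Added example. Assumptions: SHA-256 replaces keccak256 (Node stdlib only);
// the (address, amount) leaf layout and all sample values are constructed.
const { createHash } = require("crypto");
const hash = (buf) => createHash("sha256").update(buf).digest();

// Sorted-pair hash: order the two nodes so a proof needs no left/right flags.
const hashPair = (a, b) =>
  hash(Buffer.compare(a, b) <= 0 ? Buffer.concat([a, b]) : Buffer.concat([b, a]));

// Leaf preimage is 20 + 32 = 52 bytes, so it can never be confused with the
// 64-byte preimage of an internal node (second-preimage hardening).
function leafFor(address, amount) {
  const addr = Buffer.from(address.slice(2), "hex");
  const amt = Buffer.from(amount.toString(16).padStart(64, "0"), "hex");
  return hash(Buffer.concat([addr, amt]));
}

// Build all layers bottom-up; an unpaired last node is promoted unchanged.
function buildLayers(leaves) {
  const layers = [leaves];
  while (layers[layers.length - 1].length > 1) {
    const prev = layers[layers.length - 1];
    const next = [];
    for (let i = 0; i < prev.length; i += 2)
      next.push(i + 1 < prev.length ? hashPair(prev[i], prev[i + 1]) : prev[i]);
    layers.push(next);
  }
  return layers;
}

// Sibling hashes from leaf level up to (not including) the root.
function getProof(layers, index) {
  const proof = [];
  for (let l = 0; l < layers.length - 1; l++, index >>= 1) {
    const sibling = layers[l][index ^ 1];
    if (sibling) proof.push(sibling);
  }
  return proof;
}

// Same shape as OZ's MerkleProof.verify: fold the proof into the leaf.
const verify = (proof, root, leaf) => proof.reduce(hashPair, leaf).equals(root);
// Constructed snapshot (not real holders): [address, amount].
const SNAPSHOT = [
  ["0x" + "11".repeat(20), 1000n],
  ["0x" + "22".repeat(20), 2500n],
  ["0x" + "33".repeat(20), 40n],
];
const LEAVES = SNAPSHOT.map(([a, v]) => leafFor(a, v));
const LAYERS = buildLayers(LEAVES);
const ROOT = LAYERS[LAYERS.length - 1][0];
```

Because the amount is part of the leaf, a holder who submits a valid proof with an inflated amount recomputes a different leaf and the fold no longer reaches the root.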
There are three simulations within scope located within ./test/governance. These simulations, when run in context, must be run in the following order:
Tribe must be the first mover on governance by committing to sending TRIBE to the PegExchanger and setting the Ragequit contract as minter. Both of these actions pose no loss to Tribe Governance if Rari does not vote YES on their side of the deal, for they can mint more TRIBE.
The Tribe Governance vote MUST be completed & passed before the RGT Governance vote to ensure that RGT Governance may vote "no" or even not propose if Tribe Governance does not make the first move. If RGT votes no, then the Tribe governance proposal will not be able to be executed, resulting in no tribe being sent to the exchanger, no minter being added, and no enabling of any contract.
An example of a full simulation containing token deployments can be found at ./test/full_sim.ts
./test/governance/sim_tribe.ts
This simulation first creates a proposal to perform the following actions:
- party1Accept on PegExchanger
- party1Accept on TribeRagequit
./test/governance/sim_tribe.ts
This simulation executes the above proposal:
- party1Accept on PegExchanger
- party1Accept on TribeRagequit
This simulation first creates a proposal to perform the following actions:
- party0Accept on PegExchanger
- party0Accept on TribeRagequit
It then simulates a voting period, after which the proposal is passed & executed.
./test/governance/sim_tribe.ts
This simulation first creates a proposal to perform the following actions:
It then simulates a voting period, after which the proposal is passed & executed.
The contracts used by these simulations are within test/addresser.ts
The environment is a standard hardhat repo with a makefile just to shorthand some commands.
Setup Instructions:
- Copy SAMPLE.env to .env
- Set .env to point to an archive RPC node
- npm i
- npx hardhat clean
- npx hardhat compile
A single simulation is provided in the repo. To run, do the following:
npm i
npx hardhat test test/full_sim.ts
This is a simulation of the full governance process, along with a few redemptions. While the simulation is comprehensive, it should be taken at face value: a single scenario and nothing more.