Platform: Code4rena
Start Date: 12/08/2022
End Date: 15/08/2022
Period: 3 days
Status: Completed
Pot Size: $35,000 USDC
Participants: 126
Reporter: liveactionllama
Judge: Justin Goro
Id: 154
League: ETH
Respx | 1/126 | $12,925.77 | 4 | 1 | 1 | 1 | 1 | - | - | 0 |
CertoraInc | 2/126 | $4,482.50 | 8 | 1 | 0 | 5 | 1 | - | - | 0 |
scaraven | 3/126 | $1,941.00 | 5 | 0 | 0 | 5 | 0 | 0 | 0 | 0 |
ak1 | 4/126 | $1,128.14 | 4 | 0 | 0 | 2 | 0 | - | - | 0 |
jonatascm | 5/126 | $733.90 | 3 | 1 | 0 | 1 | 0 | - | 0 | 0 |
oyc_109 | 6/126 | $625.18 | 3 | 1 | 0 | 0 | 0 | - | - | 0 |
reassor | 7/126 | $577.06 | 4 | 0 | 0 | 2 | 0 | - | - | 0 |
cryptphi | 8/126 | $571.54 | 2 | 0 | 0 | 1 | 0 | - | 0 | 0 |
KIntern_NA | 9/126 | $571.54 | 2 | 0 | 0 | 1 | 0 | - | 0 | 0 |
JohnSmith | 10/126 | $557.33 | 4 | 0 | 0 | 2 | 0 | - | - | 0 |
Auditor per page
| File | SLOC | Coverage |
|---|---|---|
| Contracts (2) | ||
| contracts/libraries/ReentrancyBlock.sol | 10 | 0.00% |
| contracts/libraries/Authorizable.sol | 31 | 40.00% |
| Abstracts (2) | ||
| contracts/libraries/ERC20PermitWithMint.sol | 34 | 41.67% |
| contracts/libraries/ERC20Permit.sol 🧮 🔖 | 122 | 62.86% |
| Interfaces (1) | ||
| contracts/interfaces/IERC20Permit.sol | 15 | 100.00% |
| Total (over 5 files): | 212 | 50.82% |
export ALCHEMY_MAINNET_API_KEY=<your-api-key-goes-here> && rm -Rf 2022-08-fiatdao || true && git clone https://github.com/code-423n4/2022-08-fiatdao && cd 2022-08-fiatdao && npm install && npm run build && npm run test
A solidity implementation of Curve's voting-escrow with additional features outlined below.
Lock delegation Users may delegate ther lock to another user whereby they give the delegatee control over their lock expiration and balance (i.e. voting power). Both users, the delegator and the delegatee, need to have an active lock in place at the time of delegation. Moreover, the delegatee's lock expiration needs to be longer than the delegator's.
Lock quitting A non-expired lock may be quitted by the lock owner anytime. The lock cannot be delegated at the time of quitting and the quitter pays a penalty proportional to the remaining lock duration.
Optimistic SmartWallet approval SmartWallets (i.e. contracts) can create a lock without being approved first. However, the veFDT owner maintains a Blocklist where SmartWallets may be blocked from further interacting with the system. The Blocklist only allows the owner to block contracts but not EOAs. Blocked SmartWallets may still undelegate (if delegated prior to the blocking) and quit their lock (by paying the penalty) or withdraw once the lock expired.
npm install
npm run build
npm run test
Note: We use hardhat and Alchemy web3 provider in order to test against Ethereum mainnet state. Make sure to configure an Alchemy API endpoint with a valid key before running the test script:
export ALCHEMY_MAINNET_API_KEY=[ALCHEMY_KEY]
The veFDT contract implements the same checkpoint mathematics than the original Curve VotingEscrow.vy contract. The new features leverage this math in order to void or redirect (i.e. delegate) a lock's virtual balance. More details about how the various lock operations interact with Curve's checkpoint math can be found here.