Asymmetry Finance contest details
- Total Prize Pool: $49,200 USDC
- HM awards: $25,500 USDC
- QA report awards: $3,000 USDC
- Gas report awards: $1,500 USDC
- Lookout awards: $2,400 USDC
- Judge awards: $6,300 USDC
- Scout awards: $500 USDC
- Mitigation review contest: $10,000 USDC
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts March 24, 2023 20:00 UTC
- Ends March 30, 2023 20:00 UTC
Automated Findings / Publicly Known Issues
Automated findings output for the contest can be found here.
Note for C4 wardens: Anything included in the automated findings output is considered a publicly known issue and is ineligible for awards.
Overview
SafEth is a smart contract suite developed by Asymmetry Finance that enables a user to diversify their ETH into staked derivatives. Currently the supported staked derivatives are wstETH, rETH, and sfrxETH.
The goal of SafEth is to help decentralize the liquid staked derivatives on the Ethereum blockchain. This is done by enabling and easy access to diversification of derivatives.
In the future, SafEth will be used in conjunction with other smart contracts to allow the staking of SafEth to gain higher yield.
There are two main functions a user will interact with and they both reside in SafEth.sol
stake: The main entry-point to the protocol. Will take the usersETHand convert it into various derivatives based on their weights and mint an amount ofsafETHthat represents a percentage of the total assets in the system.unstake: The main exit-point from the protocol. Will burn the userssafETHand convert a percentage of each derivative to give the user their ETH back including any of the rewards their derivatives have accrued over the time since they started staking.
Protocol Contracts:
SafEth: An upgradeable ERC20 contract that handles the conversion between ETH and whatever derivatives that are implemented
Derivative Contracts:
These contracts handle all business logic to deposit and withdraw through their specific protocols. These will change after Shanghai is released when withdrawing from the beacon chain is enabled
Scope
Files in scope
| File | SLOC | Description and Coverage | Libraries |
|---|---|---|---|
| Contracts (4) | |||
| contracts/SafEth/derivatives/WstEth.sol 💰 | 54 | Derivative contract for wstETH, 95.00% | @openzeppelin/* |
| contracts/SafEth/derivatives/SfrxEth.sol 💰 | 81 | Derivative contract for sfrxETH, 95.00% | @openzeppelin/* |
| contracts/SafEth/SafEth.sol 💰 | 156 | This contract is the main staking/unstaking contract, 100.00% | @openzeppelin/* |
| contracts/SafEth/derivatives/Reth.sol 💰 🧮 | 169 | Derivative contract for rETH, 97.56% | @openzeppelin/* |
| Total (over 4 files): | 460 | 98.06% |
All other source contracts (not in scope)
External imports
- @openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol
- @openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol
- @openzeppelin/contracts/token/ERC20/ERC20.sol
- @openzeppelin/contracts/token/ERC20/IERC20.sol
Additional Context
- Minting safETH is done as a percentage of the entire value of the system. If you put in 10% of the ETH in the system, you will own 10% of the safETH.
- Weights are set for each derivative and will stake at a percentage to whatever the current weight is set to.
- Weights are not set in percentage out of 100, so if you set derivatives weights to 400, 400, and 200 they will be 40%, 40%, and 20% respectively.
- A lot of protocols haven't implemented withdrawing yet, so the derivative contracts will be upgraded after Shanghai
Scoping Details
- If you have a public code repo, please share it here: https://github.com/asymmetryfinance/smart-contracts - How many contracts are in scope?: 4 - Total SLoC for these contracts?: 645 - How many external imports are there?: 12 - How many separate interfaces and struct definitions are there for the contracts within scope?: 20 - Does most of your code generally use composition or inheritance?: inheritance - How many external calls?: 27 - What is the overall line coverage percentage provided by your tests?: 92 - Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: False - Please describe required context: - Does it use an oracle?: No - Does the token conform to the ERC20 standard?: Yes - Are there any novel or unique curve logic or mathematical models?: Yes - Does it use a timelock function?: No - Is it an NFT?: No - Does it have an AMM?: Yes - Is it a fork of a popular project?: False - Does it use rollups?: No - Is it multi-chain?: No - Does it use a side-chain?: False
Quickstart Command
To immediately get started run the following command
export FORK_URL="<your-mainnet-url-goes-here>" && rm -Rf 2023-03-asymmetry || true && git clone https://github.com/code-423n4/2023-03-asymmetry.git -j8 && cd 2023-03-asymmetry && cat .env.sample | sed -e 's|MAINNET_URL=|MAINNET_URL="'"$FORK_URL"'"|g' > .env && nvm use && yarn && yarn compile && REPORT_GAS=true yarn test
Tests
Local Development
To use the correct node version run
nvm use
To install dependencies:
First copy the .env.sample to a file called .env and add an Alchemy Node URL under the variable MAINNET_URL
Next run yarn to install dependencies and run yarn compile to compile the project.
Hardhat
For testing on hardhat simply run:
yarn test
Or for complete coverage:
yarn coverage
Local Node
Run the following command to spin up your local node
yarn local-node
In another terminal run this command to deploy the contracts to your local node
yarn deploy --network localhost
Once deployed you can interact with your local contracts through Ethernal or scripts/tests