Platform: Code4rena
Start Date: 04/03/2024
End Date: 25/03/2024
Period: 21 days
Status: Completed
Pot Size: $140,000 USDC
Participants: 69
Reporter: PaperParachute
Judge: 0xean
Id: 343
League: ETH
monrel | 1/69 | $39,108.58 | 7 | 3 | 1 | 3 | 1 | - | 0 | 0 |
t0x1c | 2/69 | $19,343.85 | 9 | 1 | 0 | 7 | 1 | - | 0 | 0 |
Shield | 3/69 | $14,677.71 | 8 | 0 | 0 | 7 | 1 | - | 0 | 0 |
zzebra83 | 4/69 | $9,799.48 | 3 | 1 | 0 | 2 | 1 | 0 | 0 | 0 |
MrPotatoMagic | 5/69 | $7,230.36 | 7 | 2 | 0 | 2 | 0 | - | - | - |
ladboy233 | 6/69 | $7,017.62 | 6 | 2 | 0 | 3 | 0 | - | 0 | 0 |
joaovwfreire | 7/69 | $6,413.92 | 3 | 0 | 0 | 1 | 1 | - | 0 | - |
alexfilippov314 | 8/69 | $6,221.51 | 4 | 2 | 0 | 1 | 0 | - | 0 | 0 |
Tendency | 9/69 | $2,740.36 | 2 | 1 | 0 | 1 | 0 | 0 | 0 | 0 |
Aymen0909 | 10/69 | $2,181.75 | 2 | 1 | 0 | 1 | 0 | 0 | 0 | 0 |
Note for C4 wardens: Anything included in this Automated Findings / Publicly Known Issues
section is considered a publicly known issue and is ineligible for awards.
The 4naly3er report can be found here.
transferFrom instead of safeTransferFrom. This is known and acceptable.
Taiko is a Based rollup. You can learn about Based rollups by following the links below:
This version of the Taiko protocol is also known as Based Contestable Rollup, or BCR. You can learn about BCR design using these links:
There are also a few documents in packages/protocol/docs that you can take a look at. We are working on converting them into our official documentation before the mainnet launch. Apologies that these files are not well-maintained, but I think they may provide some additional insights into BCR's design and/or implementation.
A built-in cross-layer communication mechanism is also included in the core protocol code to facilitate communication across multiple Taiko L2s and/or L3s. We call it multi-hop bridging. You can learn about the basic design here.
Whitepaper Update Notice: The current version of the Taiko whitepaper outlines the fundamental principles of our Based rollup design. Please note, however, that this document has not been updated recently, and as such, some of the details may not accurately reflect the latest developments in our project. While the whitepaper does provide a valuable overview of Taiko's core concepts, it does not include information on our Contestable Rollup features, which are a significant part of our evolving architecture.
Tokenomics Whitepaper Overview: For a straightforward explanation of how the Taiko token integrates within our protocol, refer to our tokenomics whitepaper. This document succinctly details the use of Taiko tokens as bonding mechanisms within the Taiko ecosystem, offering insight into our tokenomic strategy.
All files outside of packages/protocol/contracts are out of scope.
BridgedERC20 token (not the TaikoToken) and a future Taiko NFT (ERC-721).
TaikoL1, TaikoGovernor, TaikoTimelockController, and TaikoToken will be deployed on Ethereum; TaikoL2 will be pre-deployed on Taiko L2 before genesis. All other contracts, including AddressManager, SignalService, Bridge, all vaults and bridged tokens, will be deployed on both Ethereum and Taiko L2.
address(0) to disable these functions. Please search for onlyFromNamed to locate these special roles.
BridgedERC20 has a special role called snapshooter; once set, this role can take snapshots.
cd packages/protocol/
pnpm install
pnpm compile
pnpm test
Make sure you're using the latest version of Slither (0.10.1).
cd packages/protocol/
slither .
Employees of Taiko and employees' family members are ineligible to participate in this audit.