At our core, we are looking for someone who takes pride in their ideas and defends them, a critical thinker who shapes architecture, design, and product decisions, and who loves to ship code, move fast, and hustle with the team!
- Leveraging Lit Protocol, NextJs/React to build a mini-full-stack application
- Can use any styling libraries, Tailwind is preferred
- Your questions/thoughts/concerns on the current Genius Architecture + understanding of Solidity
- How fast you can pick up and leverage new tech (Lit) that is not necessarily the best documented
- Code style/structure/maintainability
- Thought process + architecting a project with many moving pieces
- Critical thought on Genius’ current architecture / general understanding of Solidity
// Not particularly concerned with nitty-gritty styling etc., so you don’t need to spend too much time there. Functionality is much more important. Definitely feel free to use a library like ShadCN.
- Run through and get familiar with the Lit Documentation and how Lit Protocol works. Ask any and all questions; questions are super encouraged. The Lit docs are still a WIP, so know they can be a bit all over the place. If you have trouble finding anything within Lit, I highly recommend just pinging me in TG, since I will be able to point you to the right resources (their docs are quite scattered)!
- Your goal is to write a bare-bones, single-chain limit order dApp leveraging Lit Protocol and Uniswap on Ethereum Sepolia
- The dApp should
- Create a Lit PKP / Ethereum Wallet tied to a Google Account
- Create a Session with that PKP
- Encrypt a Limit Order with the created PKP (can save the encrypted data in Local Storage)
- Execute the Limit Order within a Lit Action
- For getting the calldata use Uniswap, but ideally do not use the SDK and directly interact with the contracts
- You do not need to set up a timed cron job or websocket to listen to price changes to fire the Lit Action; it can just be a button that runs the Lit Action Limit Order
- The Limit Order should check the price from Defined or via the SDK and make sure it satisfies the price conditions
- The dApp should
- Implement the above within a NextJs project
- You can feel free to define your data types, UI, etc. any way you like (to keep things simple you can base all limit orders on ETH / WETH pairs).
- No need to set up a DB, can just save everything in localstorage for the scope of the demo
- Aim to finish in no more than 2 days. (Candidly, this may be a much larger scope than 2 days, so if you’re not all the way through, just send in what you have and we can walk through the code together.)
- You will be compensated $300 for the task.
Helpful Utilities
https://www.alchemy.com/faucets/ethereum-sepolia - getting sepolia eth (we can also send you some if you need it)
https://usehooks-ts.com/ — localstorage hooks
https://ui.shadcn.com/ - ui components
https://tailwindcss.com/docs/installation - tailwind
https://docs.defined.fi/reference/getnetworks — pricing api for ethereum sepolia + tokens etc. (lmk if you need an api key)
desc:
- _isBalanceWithinThreshold(uint256 balance): checks whether balance is within the threshold limit by calculating a lower bound based on totalStakedAssets and rebalanceThreshold. Returns true if balance >= lower bound.
- _updateBalance(): updates the totalAssets of the contract by fetching the balance of the stablecoin for the contract's address.
- _updateStakedBalance(uint256 amount, uint256 add): updates totalStakedAssets; if add is 1 it adds the amount to totalStakedAssets, else it subtracts the amount.
- _updateAvailableAssets(): updates availableAssets and minAssetBalance based on the current totalAssets, totalStakedAssets, and rebalanceThreshold, then calculates liquidity and updates availableAssets.
order:
- _updateBalance() : updated for new deposits
- _updateStakedBalance(amount, 1) : increase new staked amt
- _updateAvailableAssets() : recalculated based on total and staked balances
potential attack:
- needs permission to call aggregate()
- The contract would have to lack proper access controls or validation on the targets and data parameters.
attack scenario:
- attacker could use this function to call other contract addresses
- calling sensitive functions on other contracts
- xfer assets from the contract to the attacker's address
funds at risk:
- eth in the contract
- assets that contract has permission to interact with
risk mitigation:
- access controls
- whitelist of allowed target addresses
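The two mitigations listed above, sketched as an added example (this is not the Genius contract's code). The contract name, the admin/executor roles and the `aggregate(address[], bytes[])` signature are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: all names here are hypothetical, not the project's interface.
contract GuardedAggregator {
    address public immutable admin;
    mapping(address => bool) public isExecutor;      // who may call aggregate()
    mapping(address => bool) public isAllowedTarget; // which contracts may be called

    error NotAdmin();
    error NotExecutor();
    error LengthMismatch();
    error TargetNotAllowed(address target);
    error CallFailed(uint256 index);

    event ExecutorSet(address indexed executor, bool allowed);
    event TargetSet(address indexed target, bool allowed);

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    function setExecutor(address executor, bool allowed) external onlyAdmin {
        isExecutor[executor] = allowed;
        emit ExecutorSet(executor, allowed);
    }

    function setTarget(address target, bool allowed) external onlyAdmin {
        isAllowedTarget[target] = allowed;
        emit TargetSet(target, allowed);
    }

    function aggregate(address[] calldata targets, bytes[] calldata data) external {
        // Mitigation 1: access control on the caller.
        if (!isExecutor[msg.sender]) revert NotExecutor();
        if (targets.length != data.length) revert LengthMismatch();
        for (uint256 i = 0; i < targets.length; i++) {
            address target = targets[i];
            // Mitigation 2: only allowlisted targets, and never this contract itself.
            if (!isAllowedTarget[target] || target == address(this)) revert TargetNotAllowed(target);
            (bool ok, ) = target.call(data[i]);
            if (!ok) revert CallFailed(i); // one failed call reverts the whole batch
        }
    }
}
```

A target allowlist restricts which contracts are called, not which functions: if a token contract is allowlisted, the `data` payload still decides what is invoked on it, so a per-target function-selector allowlist is the natural next check.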
pros:
- gasless sigs for every token
- expiration date
- batching approvals and xfers in one tx
- can be used for multiple tokens allowance
- better UX
cons:
- not backwards compatible
- not all wallets support it
- not all contracts support it
- since it can approve multiple tokens, it can be a security risk
- unlimited approval (pro or con)
- centralized contract risk for Permit2