Giter VIP home page Giter VIP logo

2023-07-kyber-swap's Introduction

KyberSwap contest details

Q&A

Q: On what chains are the smart contracts going to be deployed?

Mainnet, BNB Chain, Polygon, Arbitrum, Optimism, Avalanche, Fantom, Linea, Polygon zkEVM, Base, BitTorrent, Cronos, Velas, Oasis (and could be any EVM compatible chains)

Q: Which ERC20 tokens do you expect will interact with the smart contracts?

Standard ERC20

Q: Which ERC721 tokens do you expect will interact with the smart contracts?

It mints ERC721 token as positions, similar to Uni-v3

Q: Which ERC777 tokens do you expect will interact with the smart contracts?

none

Q: Are there any FEE-ON-TRANSFER tokens interacting with the smart contracts?

no

Q: Are there any REBASING tokens interacting with the smart contracts?

no

Q: Are the admins of the protocols your contracts integrate with (if any) TRUSTED or RESTRICTED?

RESTRICTED

Q: Is the admin/owner of the protocol/contracts TRUSTED or RESTRICTED?

Restricted - Owner shouldn’t be able to steal funds, but is trusted with setting fee recipient address and fee collection (up to 20%)

Q: Are there any additional protocol roles? If yes, please explain in detail:

Factory configMaster

  • Config protocol fee recipient and fee percentage.
  • Enable new swap fee tiers
  • Update whitelisted Position Manager
  • Enable/Disable whitelist requirement for Position Manager
  • Update configMaster.
  • update vesting period
  • configMaster should not be able to steal funds but is trusted with the actions above.

Pool Oracle’s owner:

  • Upgrade Oracle implementation
  • Rescue funds wrongly sent to the Pool Oracle

Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?

No

Q: Please list any known issues/acceptable risks that should not result in a valid finding.

  • The condition getTickAtSqrtRatio(currentSqrtP) == currentTick may not hold. In some edge cases, getTickAtSqrtRatio(currentSqrtP) == currentTick+1 due to the tick is crossed but the price is closed to currentSqrtP (and must be rounded up for the solvency of the AMM).

Q: Please provide links to previous audits (if any).

https://chainsecurity.com/wp-content/uploads/2021/12/ChainSecurity_Kyber_Network_KyberSwap_Elastic_V2_audit.pdf

Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?

no

Q: In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.

yes

Q: Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?

no

Q: Add links to relevant protocol resources

https://docs.google.com/document/d/1F50RWQRRyaNxnW5RvKgw09fN2FofIVLVccijgcOt-Iw/edit?usp=sharing https://hackmd.io/7zTuB6WHSoOzS446WODWzQ?view https://hackmd.io/sgADNlGNS8eSGU_8mZYqDQ?view

Audit scope

ks-elastic-sc @ 4ab08c0a60f74809f731bdd333076e32d05f1d17

2023-07-kyber-swap's People

Contributors

sherlock-admin avatar hrishibhat avatar

Stargazers

avatar

Watchers

Sven Igl avatar Le Xuan Manh avatar avatar

Forkers

zloychan tuannda1986 facker289

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.