Skip to content

tuannda1986/2023-07-kyber-swap

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

.github/ISSUE_TEMPLATE

.github/ISSUE_TEMPLATE

 
 

.sherlock

.sherlock

 
 

ks-elastic-sc

ks-elastic-sc

 
 

README.md

README.md

 
 

Repository files navigation

KyberSwap contest details

Q&A

Q: On what chains are the smart contracts going to be deployed?

Mainnet, BNB Chain, Polygon, Arbitrum, Optimism, Avalanche, Fantom, Linea, Polygon zkEVM, Base, BitTorrent, Cronos, Velas, Oasis (and could be any EVM compatible chains)

Q: Which ERC20 tokens do you expect will interact with the smart contracts?

Standard ERC20

Q: Which ERC721 tokens do you expect will interact with the smart contracts?

It mints ERC721 token as positions, similar to Uni-v3

Q: Which ERC777 tokens do you expect will interact with the smart contracts?

none

Q: Are there any FEE-ON-TRANSFER tokens interacting with the smart contracts?

no

Q: Are there any REBASING tokens interacting with the smart contracts?

no

Q: Are the admins of the protocols your contracts integrate with (if any) TRUSTED or RESTRICTED?

RESTRICTED

Q: Is the admin/owner of the protocol/contracts TRUSTED or RESTRICTED?

Restricted - Owner shouldn’t be able to steal funds, but is trusted with setting fee recipient address and fee collection (up to 20%)

Q: Are there any additional protocol roles? If yes, please explain in detail:

Factory configMaster

  • Config protocol fee recipient and fee percentage.
  • Enable new swap fee tiers
  • Update whitelisted Position Manager
  • Enable/Disable whitelist requirement for Position Manager
  • Update configMaster.
  • update vesting period
  • configMaster should not be able to steal funds but is trusted with the actions above.

Pool Oracle’s owner:

  • Upgrade Oracle implementation
  • Rescue funds wrongly sent to the Pool Oracle

Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?

No

Q: Please list any known issues/acceptable risks that should not result in a valid finding.

  • The condition getTickAtSqrtRatio(currentSqrtP) == currentTick may not hold. In some edge cases, getTickAtSqrtRatio(currentSqrtP) == currentTick+1 due to the tick is crossed but the price is closed to currentSqrtP (and must be rounded up for the solvency of the AMM).

Q: Please provide links to previous audits (if any).

https://chainsecurity.com/wp-content/uploads/2021/12/ChainSecurity_Kyber_Network_KyberSwap_Elastic_V2_audit.pdf

Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?

no

Q: In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.

yes

Q: Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?

no

Q: Add links to relevant protocol resources

https://docs.google.com/document/d/1F50RWQRRyaNxnW5RvKgw09fN2FofIVLVccijgcOt-Iw/edit?usp=sharing https://hackmd.io/7zTuB6WHSoOzS446WODWzQ?view https://hackmd.io/sgADNlGNS8eSGU_8mZYqDQ?view

Audit scope

ks-elastic-sc @ 4ab08c0a60f74809f731bdd333076e32d05f1d17

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 65.4%
  • Solidity 34.4%
  • Other 0.2%