Skip to content

juniormp/audit-asymmetry-2023-03

ย 
ย 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

28 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

Asymmetry Finance contest details

  • Total Prize Pool: $49,200 USDC
    • HM awards: $25,500 USDC
    • QA report awards: $3,000 USDC
    • Gas report awards: $1,500 USDC
    • Lookout awards: $2,400 USDC
    • Judge awards: $6,300 USDC
    • Scout awards: $500 USDC
    • Mitigation review contest: $10,000 USDC
  • Join C4 Discord to register
  • Submit findings using the C4 form
  • Read our guidelines for more details
  • Starts March 24, 2023 20:00 UTC
  • Ends March 30, 2023 20:00 UTC

Automated Findings / Publicly Known Issues

Automated findings output for the contest can be found here.

Note for C4 wardens: Anything included in the automated findings output is considered a publicly known issue and is ineligible for awards.

Overview

SafEth is a smart contract suite developed by Asymmetry Finance that enables a user to diversify their ETH into staked derivatives. Currently the supported staked derivatives are wstETH, rETH, and sfrxETH.

The goal of SafEth is to help decentralize the liquid staked derivatives on the Ethereum blockchain. This is done by enabling and easy access to diversification of derivatives.

In the future, SafEth will be used in conjunction with other smart contracts to allow the staking of SafEth to gain higher yield.

image

There are two main functions a user will interact with and they both reside in SafEth.sol

  • stake: The main entry-point to the protocol. Will take the users ETH and convert it into various derivatives based on their weights and mint an amount of safETH that represents a percentage of the total assets in the system.
  • unstake: The main exit-point from the protocol. Will burn the users safETH and convert a percentage of each derivative to give the user their ETH back including any of the rewards their derivatives have accrued over the time since they started staking.

Protocol Contracts:

SafEth: An upgradeable ERC20 contract that handles the conversion between ETH and whatever derivatives that are implemented

Derivative Contracts:

Reth - SfrxEth - WstEth

These contracts handle all business logic to deposit and withdraw through their specific protocols. These will change after Shanghai is released when withdrawing from the beacon chain is enabled

Scope

Files in scope

File SLOC Description and Coverage Libraries
Contracts (4)
contracts/SafEth/derivatives/WstEth.sol ๐Ÿ’ฐ 54 Derivative contract for wstETH, ย ย 95.00% @openzeppelin/*
contracts/SafEth/derivatives/SfrxEth.sol ๐Ÿ’ฐ 81 Derivative contract for sfrxETH, ย ย 95.00% @openzeppelin/*
contracts/SafEth/SafEth.sol ๐Ÿ’ฐ 156 This contract is the main staking/unstaking contract, ย ย 100.00% @openzeppelin/*
contracts/SafEth/derivatives/Reth.sol ๐Ÿ’ฐ ๐Ÿงฎ 169 Derivative contract for rETH, ย ย 97.56% @openzeppelin/*
Total (over 4 files): 460 98.06%

All other source contracts (not in scope)

File SLOC Description and Coverage Libraries
Contracts (1)
contracts/SafEth/SafEthStorage.sol 12 -
Abstracts (2)
contracts/interfaces/lido/IstETH.sol 5 - @openzeppelin/*
contracts/interfaces/lido/IWStETH.sol 12 - @openzeppelin/*
Interfaces (29)
contracts/interfaces/IWETH.sol ๐Ÿ’ฐ 6 - @openzeppelin/*
contracts/interfaces/frax/IFrxETHMinter.sol ๐Ÿ’ฐ 6 -
contracts/interfaces/IDerivative.sol ๐Ÿ’ฐ 9 -
contracts/interfaces/curve/IStEthEthPool.sol ๐Ÿ’ฐ 9 -
contracts/interfaces/rocketpool/RocketDAOProtocolSettingsDepositInterface.sol 9 -
contracts/interfaces/uniswap/pool/IUniswapV3PoolImmutables.sol 9 -
contracts/interfaces/uniswap/pool/IUniswapV3PoolOwnerActions.sol 9 -
contracts/interfaces/curve/IFrxEthEthPool.sol ๐Ÿ’ฐ 10 -
contracts/interfaces/frax/IsFrxEth.sol ๐Ÿ’ฐ 11 -
contracts/interfaces/rocketpool/RocketDepositPoolInterface.sol ๐Ÿ’ฐ 11 -
contracts/interfaces/curve/IAfEthPool.sol ๐Ÿ’ฐ 12 -
contracts/interfaces/rocketpool/RocketTokenRETHInterface.sol ๐Ÿ’ฐ 13 - @openzeppelin/*
contracts/interfaces/uniswap/ISwapRouter.sol ๐Ÿ’ฐ 15 -
contracts/interfaces/uniswap/IUniswapV3Pool.sol 16 -
contracts/interfaces/curve/ICrvEthPool.sol ๐Ÿ’ฐ 22 -
contracts/interfaces/curve/IFxsEthPool.sol ๐Ÿ’ฐ 22 -
contracts/interfaces/uniswap/pool/IUniswapV3PoolDerivedState.sol 23 -
contracts/interfaces/uniswap/IUniswapV3Factory.sol 26 -
contracts/interfaces/curve/ICrvEthPoolLegacy.sol ๐Ÿ’ฐ 32 -
contracts/interfaces/uniswap/pool/IUniswapV3PoolActions.sol 39 -
contracts/interfaces/rocketpool/RocketStorageInterface.sol 42 -
contracts/interfaces/uniswap/pool/IUniswapV3PoolState.sol 61 -
contracts/interfaces/uniswap/pool/IUniswapV3PoolEvents.sol 62 -
Total (over 32 files): 564 -

External imports

Additional Context

  • Minting safETH is done as a percentage of the entire value of the system. If you put in 10% of the ETH in the system, you will own 10% of the safETH.
  • Weights are set for each derivative and will stake at a percentage to whatever the current weight is set to.
  • Weights are not set in percentage out of 100, so if you set derivatives weights to 400, 400, and 200 they will be 40%, 40%, and 20% respectively.
  • A lot of protocols haven't implemented withdrawing yet, so the derivative contracts will be upgraded after Shanghai

Scoping Details

- If you have a public code repo, please share it here: https://github.com/asymmetryfinance/smart-contracts
- How many contracts are in scope?:   4
- Total SLoC for these contracts?:  645
- How many external imports are there?:  12
- How many separate interfaces and struct definitions are there for the contracts within scope?:  20
- Does most of your code generally use composition or inheritance?:   inheritance
- How many external calls?:   27
- What is the overall line coverage percentage provided by your tests?:  92
- Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?:   False
- Please describe required context:
- Does it use an oracle?:  No
- Does the token conform to the ERC20 standard?:  Yes
- Are there any novel or unique curve logic or mathematical models?: Yes
- Does it use a timelock function?: No
- Is it an NFT?: No
- Does it have an AMM?:   Yes
- Is it a fork of a popular project?:   False
- Does it use rollups?: No
- Is it multi-chain?: No
- Does it use a side-chain?: False

Quickstart Command

To immediately get started run the following command

export FORK_URL="<your-mainnet-url-goes-here>" && rm -Rf 2023-03-asymmetry || true && git clone https://github.com/code-423n4/2023-03-asymmetry.git -j8 && cd 2023-03-asymmetry && cat .env.sample | sed -e 's|MAINNET_URL=|MAINNET_URL="'"$FORK_URL"'"|g' > .env && nvm use && yarn && yarn compile && REPORT_GAS=true yarn test

Tests

Local Development

To use the correct node version run

nvm use

To install dependencies:

First copy the .env.sample to a file called .env and add an Alchemy Node URL under the variable MAINNET_URL

Next run yarn to install dependencies and run yarn compile to compile the project.

Hardhat

For testing on hardhat simply run:

yarn test

Or for complete coverage:

yarn coverage

Local Node

Run the following command to spin up your local node

yarn local-node

In another terminal run this command to deploy the contracts to your local node

yarn deploy --network localhost

Once deployed you can interact with your local contracts through Ethernal or scripts/tests

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 61.2%
  • Solidity 38.4%
  • JavaScript 0.4%