Skip to content

sherlock-audit/2024-10-mento-update

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Mento Update contest details

Q&A

Q: On what chains are the smart contracts going to be deployed?

Celo


Q: If you are integrating tokens, are you allowing only whitelisted tokens to work with the codebase or any complying with the standard? Are they assumed to have certain properties, e.g. be non-reentrant? Are there any types of weird tokens you want to integrate?

Only whitelisted tokens are used, standard ERC20 is implied. Most of them are protocol created tokens like cUSD, cEUR, cREAL, etc. but with this upgrade we're also integrating with Good$ so the Broker will also be able to mint/burn and interact with the existing Good$ Token https://celoscan.io/address/0x62B8B11039FcfE5aB0C56E502b1C372A3d2a9c7A


Q: Are there any limitations on values set by admins (or other roles) in the codebase, including restrictions on array lengths?

  • gooddollar/GoodDollarExchangeProvider::createExchange(PoolExchange _exchange):

    • _exchange.reserveRatio = Between 1 and 1e8
    • _exchange.exitContribution = Between 1 and 1e8
  • gooddollar/GoodDollarExpansionController::setExpansionConfig(bytes32 _exchangeId, uint64 expansionRate, uint32 expansionFrequency)

    • expansionRate = Between 1 and 1e8
    • expansionFrequency > 0

Q: Are there any limitations on values set by admins (or other roles) in protocols you integrate with, including restrictions on array lengths?

No


Q: For permissioned functions, please list all checks and requirements that will be made before calling the function.

All permissioned calls either come from Mento governance or GoodDollar governance via the Avatar contract.


Q: Is the codebase expected to comply with any EIPs? Can there be/are there any deviations from the specification?

No


Q: Are there any off-chain mechanisms for the protocol (keeper bots, arbitrage bots, etc.)? We assume they won't misbehave, delay, or go offline unless specified otherwise.

No


Q: If the codebase is to be deployed on an L2, what should be the behavior of the protocol in case of sequencer issues (if applicable)? Should Sherlock assume that the Sequencer won't misbehave, including going offline?

Sherlock should assume that the Sequencer won't misbehave.


Q: What properties/invariants do you want to hold even if breaking them has a low/unknown impact?

Bancor formula invariant. Price = Reserve / Supply * reserveRatio


Q: Please discuss any design choices you made.

The bancor formula requires power fraction and that results in precision loss depending on where the system is. We've tested and ensured that precision tends to favour the protocol


Q: Please list any known issues and explicitly state the acceptable risks for each known issue.

Same as the above, there are acceptable approximations due to power precision. We've tested to ensure that we're talking about ~1e6 precision on most cases and 1e3 loss on extreme scenarios.


Q: We will report issues where the core protocol functionality is inaccessible for at least 7 days. Would you like to override this value?

It's ok.


Q: Please provide links to previous audits (if any).

https://docs.mento.org/mento/developers/smart-contracts/audits


Q: Please list any relevant protocol resources.

https://docs.mento.org


Audit scope

mento-core @ 8722c6da3bb8a161996ca0b8fc2a4d0847b0916c

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published