- Join Sherlock Discord
- Submit findings using the issue page in your private contest repo (label issues as med or high)
- Read for more details
mainnet, Optimism, Base
ECO token at 0x8dBF9A4c99580fC7Fd4024ee08f3994420035727
none
none
non
Yes, both the ECO token and the token in the repo. Rebases are EOA triggered and infrequent.
There is a trusted admin contract given access to the L1ECOBridge contract as the upgrader. There is also trusted contracts in the Optimism (and Base) contract system that have certain privileges, but whatsons should have an understanding of these.
as part of deploy, any ownership roles are given away to the contracts themselves
The ECO token (on mainnet) has a pausing role that allows the triggering of a pause (reverting all transfers). This action should not cause the permanent loss of user funds. Funds must be recoverable once the pause is lifted.
Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?
EIP 712
AMM (or any external contract) arbitrage due to rebasing is not a valid finding.
The audit is meant to be focused heavily on High/Medium issues that affect L2ECOBridge.sol, L1ECOBridge.sol and L2ECO.sol. If there is a Medium issue found in ECO.sol but it does not affect the three contracts above, then it may not be considered in scope and rewarded. ECO.sol and other contracts were put in scope simply to allow Watsons to find any issues in those contracts that would also affect the main 3 contracts (L2ECOBridge.sol, L1ECOBridge.sol and L2ECO.sol).
none
Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?
no relevant mechanisms
Q: In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.
yes