- Total Prize Pool: $40,000 in USDC
- HM awards: $31,875 in USDC
- QA awards: $1,325 in USDC
- Judge awards: $3,300 in USDC
- Validator awards: $3,000 USDC
- Scout awards: $500 USDC
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts June 24, 2024 20:00 UTC
- Ends July 8, 2024 20:00 UTC
The 4naly3er report can be found here.
Note for C4 wardens: Anything included in this Automated Findings / Publicly Known Issues
section is considered a publicly known issue and is ineligible for awards.
- Rounding error from (stETH/wstETH) conversion
- Owner is TechOps multisig
- We did not add ERC20 Permits, we could add them later
- We assume the user will chose the correct external function based on their collateral type (ETH/WETH/stETH/wstETH)
- DEX is hardcoded and will either be 0x or 1Inch
- A user is expected to rationally chose between normal zap router and leverage zap router
Route between different zaps and functionality.
- One-click Leverage: use flash loans via leverage macro to lever loop in one action
- Flippening: a wrapper on leverage where you sell the final eBTC for more stETH (lever long ETH)
- Native ETH: Deposit from native ETH and auto-wrap into stETH
- ETH Variants deposits: come from WETH and wstETH as well for convenience
- Previous audits: https://gist.github.com/GalloDaSballo/4e345cec4e3aef9682f320149b3027aa
- Documentation: https://github.com/ebtc-protocol/ebtc-zap-router/blob/main/README.md
- Website: https://badger.com/
- X/Twitter: https://twitter.com/badgerdao
- Discord: https://discord.gg/badgerdao
Contract | SLOC | Purpose | Libraries used |
---|---|---|---|
EbtcLeverageZapRouter.sol | 254 | Main swap router contract that defines user facing external functions | N/A |
LeverageZapRouterBase.sol | 216 | Base contract that implements functions for zap routers that use leverage | N/A |
ZapRouterBase.sol | 116 | Base contract that implements functions for all zap routers | N/A |
IEbtcLeverageZapRouter.sol | 37 | Leverage zap router interface contract and types | N/A |
LeverageMacroBase.sol | 383 | Base contract that performs flash loans, CDP operations and DEX swaps | N/A |
TOTAL | 1006 |
All files not in the scope table are Out Of Scope
Question | Answer |
---|---|
ERC20 used by the protocol | eBTC, stETH |
Test coverage | ebtc-protocol - Lines: 72.80%, Functions: 57.22% & ebtc-zap-router - Lines: 47.06 %, Functions: 54.64% |
ERC721 used by the protocol | None |
ERC777 used by the protocol | None |
ERC1155 used by the protocol | None |
Chains the protocol will be deployed on | Ethereum |
Question | Answer |
---|---|
Enabling/disabling fees (e.g. Blur disables/enables fees) | No |
Pausability (e.g. Uniswap pool gets paused) | No |
Upgradeability (e.g. Uniswap gets upgraded) | No |
N/A
- Position manager permit needs to be revoked after each operation
- ZapRouter contract should not hold any CDP positions
- ZapRouter contract should not have any tokens after each operation (aside from rounding)
- Fee should be assessed only when debt increases
- Owner cannot execute arbitrary calls
Role | Description |
---|---|
TechOps multisig | Can rescue tokens |
N/A
Clone the repo;
git clone --recurse https://github.com/code-423n4/2024-06-badger.git
For ebtc-protocol
tests (Both for Hardhat and Foundry);
cd ebtc-protocol
yarn
cd packages/contracts
For ebtc-protocol
Hardhat tests:
yarn test
For ebtc-protocol
Foundry tests:
forge test
For ebtc-protocol
test coverage:
forge coverage
File | % Lines | % Statements | % Branches | % Funcs |
---|---|---|---|---|
Total | 72.80% (3471/4768) | 72.15% (4385/6078) | 56.18% (850/1513) | 57.22% (622/1087) |
For ebtc-zap-router
tests;
cd ebtc-zap-router
forge install
cd lib/ebtc
yarn
cd ../../
forge build
forge test
For ebtc-zap-router
test coverage:
forge coverage
File | % Lines | % Statements | % Branches | % Funcs |
---|---|---|---|---|
script/DeployEbtcZapRouter.sol | 0.00% (0/11) | 0.00% (0/19) | 100.00% (0/0) | 0.00% (0/1) |
src/EbtcLeverageZapRouter.sol | 85.19% (69/81) | 83.33% (90/108) | 67.65% (23/34) | 75.00% (12/16) |
src/EbtcZapRouter.sol | 88.16% (67/76) | 90.00% (81/90) | 46.43% (13/28) | 88.89% (16/18) |
src/LeverageZapRouterBase.sol | 80.00% (56/70) | 81.08% (60/74) | 61.11% (11/18) | 78.57% (11/14) |
src/ZapRouterBase.sol | 89.19% (33/37) | 92.73% (51/55) | 60.00% (6/10) | 90.91% (10/11) |
src/invariants/ZapRouterActor.sol | 31.58% (6/19) | 19.05% (4/21) | 25.00% (2/8) | 66.67% (2/3) |
src/invariants/ZapRouterProperties.sol | 0.00% (0/5) | 0.00% (0/14) | 100.00% (0/0) | 0.00% (0/5) |
src/invariants/ZapRouterStateSnapshots.sol | 0.00% (0/107) | 0.00% (0/109) | 0.00% (0/48) | 0.00% (0/3) |
src/testContracts/UniswapV3CollAdapter.sol | 0.00% (0/62) | 0.00% (0/80) | 0.00% (0/20) | 0.00% (0/3) |
src/testContracts/WstETH.sol | 35.56% (48/135) | 32.35% (55/170) | 18.33% (11/60) | 30.91% (17/55) |
test/ZapRouterBaseInvariants.sol | 100.00% (52/52) | 100.00% (63/63) | 50.00% (4/8) | 100.00% (13/13) |
test/invariants/TargetFunctionsBase.sol | 95.08% (58/61) | 96.05% (73/76) | 50.00% (12/24) | 80.00% (8/10) |
test/invariants/TargetFunctionsNoLeverage.sol | 0.00% (0/175) | 0.00% (0/213) | 0.00% (0/48) | 0.00% (0/12) |
test/invariants/TargetFunctionsWithLeverage.sol | 67.08% (108/161) | 65.44% (142/217) | 36.67% (22/60) | 60.71% (17/28) |
test/invariants/echidna/EchidnaLeverageTester.sol | 0.00% (0/2) | 0.00% (0/2) | 100.00% (0/0) | 0.00% (0/1) |
test/invariants/echidna/EchidnaNoLeverageTester.sol | 0.00% (0/2) | 0.00% (0/2) | 100.00% (0/0) | 0.00% (0/1) |
Total | 47.06% (497/1056) | 47.14% (619/1313) | 28.42% (104/366) | 54.64% (106/194) |
Employees of Badger and employees' family members are ineligible to participate in this audit.