
Astaria contest details

  • Total Prize Pool: $90,500 USDC
    • HM awards: $63,750 USDC
    • QA report awards: $7,500 USDC
    • Gas report awards: $3,750 USDC
    • Judge + presort awards: $15,000 USDC
    • Scout awards: $500 USDC
  • Join C4 Discord to register
  • Submit findings using the C4 form
  • Read our guidelines for more details
  • Starts January 5, 2023 20:00 UTC
  • Ends January 19, 2023 20:00 UTC

C4udit / Publicly Known Issues

The C4udit output for the contest can be found here within an hour of contest opening.

Note for C4 wardens: Anything included in the C4udit output is considered a publicly known issue and is ineligible for awards.

Issues reported in the public Astaria repo before the start of the contest are considered known issues and are not eligible for rewards.

Overview

Astaria is an NFT lending protocol offering instant liquidity to borrowers. Strategists deploy Vaults and provide updateable loan terms on a per-NFT basis. Borrowers deposit their NFTs into the Astaria protocol and borrow according to a strategist's terms. PrivateVaults may only accept capital from the strategist that deploys them, while PublicVaults may accept capital from any liquidity provider. PublicVaults operate around an epoch system that requires liquidity providers to signal in advance which epoch they wish to withdraw in.

Please see https://docs.astaria.xyz/docs/intro for a detailed description of protocol functionality and smart contract architecture.

Scope

All contracts in src/ have accompanying interfaces with natspec documentation in the interfaces folder. Points of complexity to thoroughly audit are the validation of loan terms using merkle proofs (in VaultImplementation), and edge cases around liquidity providers withdrawing from PublicVaults through WithdrawProxies.
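As an added illustration of the first point (example code written for this write-up, not Astaria's VaultImplementation): a strategist commits a set of per-NFT loan terms to a Merkle root, and a vault validates a submitted leaf plus proof, and the request against the leaf's bounds, before issuing a lien. The leaf layout, the sorted-pair node hashing and the use of SHA3-256 in place of keccak256 are assumptions made for the example; the collection address and the terms are constructed.

```python
"""Added example, not code from the Astaria repository: strategist loan terms
committed to as a Merkle root and validated leaf by leaf.

Assumptions made for the illustration:
  * a term leaf binds (collateral contract, tokenId, maxAmount, rate, duration);
  * hashlib.sha3_256 stands in for keccak256 (same 32-byte output, different
    padding), so roots here will not match an on-chain keccak tree;
  * internal nodes hash the sorted pair, the convention of OpenZeppelin's
    MerkleProof and solmate's MerkleProofLib, so proofs carry no side flags.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

LEAF_TAG = b"\x00"  # domain separation: a leaf hash can never be replayed
NODE_TAG = b"\x01"  # as an internal node, or vice versa


def keccak_stand_in(data: bytes) -> bytes:
    return hashlib.sha3_256(data).digest()


@dataclass(frozen=True)
class LoanTerms:
    collateral: str  # hypothetical NFT contract address, 0x-prefixed hex
    token_id: int
    max_amount: int  # largest principal the strategist will lend, in wei
    rate: int        # interest rate in the strategy's own units
    duration: int    # loan length in seconds

    def leaf(self) -> bytes:
        # abi.encode style: every field left-padded to 32 bytes
        addr = bytes.fromhex(self.collateral[2:]).rjust(32, b"\x00")
        packed = addr + b"".join(
            v.to_bytes(32, "big")
            for v in (self.token_id, self.max_amount, self.rate, self.duration)
        )
        return keccak_stand_in(LEAF_TAG + packed)


def hash_pair(a: bytes, b: bytes) -> bytes:
    lo, hi = sorted((a, b))
    return keccak_stand_in(NODE_TAG + lo + hi)


def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """Bottom-up tree, leaves first. An odd level gets its last node duplicated
    (one common convention; the alternative is promoting it unchanged)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])
        levels.append([hash_pair(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_root(levels: List[List[bytes]]) -> bytes:
    return levels[-1][0]


def merkle_proof(levels: List[List[bytes]], index: int) -> List[bytes]:
    """Sibling hashes from the leaf up; with sorted-pair hashing the verifier
    does not need to know on which side each sibling sat."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])
        index //= 2
    return proof


def verify_proof(root: bytes, leaf: bytes, proof: List[bytes]) -> bool:
    acc = leaf
    for sibling in proof:
        acc = hash_pair(acc, sibling)
    return acc == root


def validate_commitment(strategy_root: bytes, terms: LoanTerms, proof: List[bytes],
                        collateral: str, token_id: int, amount: int) -> Tuple[bool, str]:
    """Check both halves: the terms are ones the strategist committed to, and the
    request fits inside them. A valid proof only proves membership; anything the
    leaf does not bind (for instance which vault or which borrower) it cannot check."""
    if (terms.collateral.lower(), terms.token_id) != (collateral.lower(), token_id):
        return False, "terms are for a different NFT"
    if amount > terms.max_amount:
        return False, "requested amount exceeds maxAmount"
    if not verify_proof(strategy_root, terms.leaf(), proof):
        return False, "terms are not in the strategist's Merkle root"
    return True, "ok"


# Constructed sample strategy: three NFTs under one hypothetical collection.
NFT = "0x" + "ab" * 20
TERMS = [
    LoanTerms(NFT, 1, 10 * 10**18, 5, 30 * 86400),
    LoanTerms(NFT, 2, 4 * 10**18, 7, 14 * 86400),
    LoanTerms(NFT, 3, 1 * 10**18, 9, 7 * 86400),
]
LEVELS = build_levels([t.leaf() for t in TERMS])
ROOT = merkle_root(LEVELS)

if __name__ == "__main__":
    proof = merkle_proof(LEVELS, 1)
    print(validate_commitment(ROOT, TERMS[1], proof, NFT, 2, 3 * 10**18))
    print(validate_commitment(ROOT, TERMS[1], proof, NFT, 2, 5 * 10**18))
```

The leaf and node tags are the part worth carrying over to any real implementation: without them a 64-byte internal node can be presented as a "leaf", and a proof one level short still verifies. The other thing to audit in a check like this is the list of fields the leaf binds, since a proof validates nothing outside it.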

| File | SLOC | Description | Libraries |
|---|---:|---|---|
| Contracts (9) | | | |
| src/TransferProxy.sol | 17 | The TransferProxy handles payments to loans (LienTokens). | solmate/* |
| src/BeaconProxy.sol 🖥 💰 👥 | 33 | Beacon contract for upgradeability. | clones-with-immutable-args/* |
| src/Vault.sol | 63 | PrivateVault contract, where only permissioned lenders can deposit funds. | solmate/* |
| src/ClearingHouse.sol 🖥 🧮 Σ | 181 | ClearingHouses are deployed for each new loan and settle payments between Seaport auctions and Astaria Vaults if a liquidation occurs. It also stores NFTs that borrowers deposit to take out a loan. | solmate/* clones-with-immutable-args/* seaport/* |
| src/WithdrawProxy.sol 🖥 🧮 Σ | 234 | A new WithdrawProxy is deployed for each PublicVault when at least one LP wants to withdraw by the end of the next epoch. It handles funds from loan repayments and auction funds. | solmate/* gpl/* |
| src/CollateralToken.sol 🖥 🧪 🧮 Σ | 499 | CollateralTokens are ERC721 certificates of deposit for NFTs being borrowed against on Astaria, giving the owner the right to the underlying asset when all debt is paid off. | solmate/* gpl/* seaport/* clones-with-immutable-args/* |
| src/PublicVault.sol 🖥 🧮 Σ | 552 | Contract for permissionless-lending Vaults, handling liquidations and withdrawals according to the epoch system. | solmate/* gpl/* clones-with-immutable-args/* |
| src/AstariaRouter.sol 🖥 💰 🧮 Σ | 677 | A router contract for handling universal protocol behavior and endpoints into other core contracts. | solmate/* gpl/* clones-with-immutable-args/* seaport/* |
| src/LienToken.sol 🖥 🧪 🧮 Σ | 773 | LienTokens are non-fungible tokenized debt owned by Vaults. This contract handles the accounting and liquidation of loans throughout their lifecycle. | solmate/* gpl/* |
| Abstracts (8) | | | |
| src/WithdrawVaultBase.sol | 25 | Base contract for WithdrawProxy. | clones-with-immutable-args/* |
| src/AstariaVaultBase.sol | 41 | Contract with pointers to vault constants and contract implementations. | clones-with-immutable-args/* |
| lib/gpl/src/ERC4626Router.sol 💰 | 46 | ERC4626 router contract. | gpl/* solmate/* |
| lib/gpl/src/ERC4626RouterBase.sol 💰 | 53 | ERC4626 base router contract. | gpl/* solmate/* |
| lib/gpl/src/ERC4626-Cloned.sol | 119 | Custom base ERC4626 implementation. | solmate/* clones-with-immutable-args/* gpl/* |
| lib/gpl/src/ERC20-Cloned.sol 🖥 🧮 🔖 Σ | 146 | Custom base ERC20 implementation. | |
| lib/gpl/src/ERC721.sol 🖥 🧮 Σ | 198 | Slightly modified base ERC721 implementation. | |
| src/VaultImplementation.sol 🖥 🧮 🔖 Σ | 294 | Base vault contract with behavior for validating and issuing loan terms. | solmate/* gpl/* |
| Interfaces (28) | | | |
| src/interfaces/IBeacon.sol | 4 | Beacon contract interface. | |
| src/interfaces/IERC165.sol | 4 | ERC165 interface. | |
| src/interfaces/ISecurityHook.sol | 4 | SecurityHook interface. | |
| lib/gpl/src/interfaces/IMulticall.sol 💰 | 6 | Multicall interface. | |
| lib/gpl/src/interfaces/IWETH9.sol 💰 | 6 | WETH9 interface. | |
| src/interfaces/IRouterBase.sol | 6 | AstariaRouter base contract interface. | |
| src/interfaces/IERC20Metadata.sol | 7 | ERC20 metadata interface. | |
| src/interfaces/IERC721Receiver.sol | 9 | ERC721Receiver interface. | |
| src/interfaces/ITransferProxy.sol | 9 | TransferProxy interface. | |
| src/interfaces/IFlashAction.sol | 11 | FlashAction interface. Anyone may create a contract implementing this interface to define an action performed by a collateralized NFT in a flash loan. | |
| src/interfaces/IStrategyValidator.sol | 11 | StrategyValidator interface. | |
| src/interfaces/IAstariaVaultBase.sol | 12 | Vault base contract interface. | |
| src/interfaces/IERC1155Receiver.sol | 18 | ERC1155Receiver interface. | |
| src/interfaces/IERC20.sol | 18 | ERC20 interface. | |
| lib/gpl/src/interfaces/IERC4626Router.sol 💰 | 20 | ERC4626-compliant AstariaRouter main contract interface. | |
| src/interfaces/IWithdrawProxy.sol | 23 | WithdrawProxy interface. | |
| lib/gpl/src/interfaces/IUniswapV3Factory.sol | 26 | Uniswap V3 factory contract interface. | |
| lib/gpl/src/interfaces/IERC4626RouterBase.sol 💰 | 32 | ERC4626-compliant AstariaRouter base contract interface. | |
| src/interfaces/IERC721.sol | 36 | ERC721 interface. | |
| src/interfaces/IERC1155.sol | 51 | ERC1155 interface. | |
| lib/gpl/src/interfaces/IUniswapV3PoolState.sol | 52 | Uniswap V3 pool state contract interface. | |
| src/interfaces/IERC4626.sol | 61 | ERC4626 interface. | |
| src/interfaces/IVaultImplementation.sol | 68 | VaultImplementation interface. | |
| src/interfaces/IPublicVault.sol | 78 | PublicVault interface. | |
| src/interfaces/IV3PositionManager.sol 💰 | 98 | Uniswap V3 PositionManager interface. | |
| src/interfaces/ICollateralToken.sol | 112 | CollateralToken interface. | seaport/* |
| src/interfaces/IAstariaRouter.sol | 195 | AstariaRouter interface. | solmate/* gpl/* seaport/* |
| src/interfaces/ILienToken.sol | 208 | LienToken interface. | |
| Total (over 45 files) | 5136 | | |

Additional Context

Scoping Details

- If you have a public code repo, please share it here: https://github.com/AstariaXYZ/astaria-core
- How many contracts are in scope?: 37 (including interfaces)
- Total SLoC for these contracts?: 3,475
- How many external imports are there?: 7
- How many separate interfaces and struct definitions are there for the contracts within scope?: 25 interfaces, 35 structs  
- Does most of your code generally use composition or inheritance?: Inheritance  
- How many external calls?: 2
- What is the overall line coverage percentage provided by your tests?: ~90 (`forge coverage` currently throws a "stack too deep" error on large codebases)
- Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: Yes  
- Please describe required context: The protocol contains a few contracts that are interwoven to maintain the entire protocol, so good understanding of one aspect helps understand settlement in other areas.   
- Does it use an oracle?: No
- Does the token conform to the ERC20 standard?: No token
- Are there any novel or unique curve logic or mathematical models?: PublicVaults (open to all liquidity providers) use an epoch system which schedules withdrawals and distributes auction funds in order to ensure solvency and prevent there ever being a run on a Vault.
- Does it use a timelock function?: Not directly; the router has a method, `fileGuardian`, that will be behind a timelock eventually.
- Is it an NFT?: The protocol tokenizes loans as LienTokens and mints CollateralTokens as certificates of deposit on locked collateral.
- Does it have an AMM?: No
- Is it a fork of a popular project?: No 
- Does it use rollups?: No 
- Is it multi-chain?: No
- Does it use a side-chain?: No
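The epoch mechanism described above, in a constructed model. This is an added example, not Astaria's PublicVault or WithdrawProxy code, and it only reproduces the property the answer states: liquidity providers signal ahead, and everyone leaving in the same epoch shares one WithdrawProxy pro rata, paid from liquid funds at the boundary and from later repayments or auction proceeds for the rest, so an early withdrawer cannot drain the liquid balance. Its rules are assumptions for the illustration: shares are priced 1:1 with assets, a withdrawal signalled during epoch e is honoured at the end of epoch e+1, and inflows serve the oldest proxy still owed before returning to the vault. All balances are constructed.

```python
"""Added example, not Astaria's code: a small model of epoch-scheduled
withdrawals. Assumed rules: 1:1 share price, a signal in epoch e is honoured at
the end of epoch e+1, and repayments/auction proceeds (principal only here) serve
the oldest proxy still owed before returning to the vault. Yield, fees and
liquidation timing, which the real accounting covers, are left out."""
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class WithdrawProxy:
    claims: Dict[str, int] = field(default_factory=dict)  # lp -> shares burned
    owed: int = 0     # still to arrive from repayments / auctions
    assets: int = 0   # received so far
    paid: Dict[str, int] = field(default_factory=dict)

    def claimable(self, lp: str) -> int:
        # pro rata over what has actually arrived, less what lp already took
        share = self.assets * self.claims.get(lp, 0) // sum(self.claims.values())
        return share - self.paid.get(lp, 0)

    def claim(self, lp: str) -> int:
        amount = self.claimable(lp)
        self.paid[lp] = self.paid.get(lp, 0) + amount
        return amount


class EpochVault:
    def __init__(self) -> None:
        self.epoch, self.liquid, self.lent = 0, 0, 0
        self.shares: Dict[str, int] = {}
        self.signalled: Dict[int, Dict[str, int]] = {}  # epoch -> lp -> shares
        self.proxies: Dict[int, WithdrawProxy] = {}

    def total_assets(self) -> int:
        # assets promised to a proxy no longer belong to the remaining LPs
        return self.liquid + self.lent - sum(p.owed for p in self.proxies.values())

    def deposit(self, lp: str, amount: int) -> None:
        self.shares[lp] = self.shares.get(lp, 0) + amount
        self.liquid += amount

    def lend(self, amount: int) -> None:
        if amount > self.liquid:
            raise ValueError("insufficient liquidity")
        self.liquid -= amount
        self.lent += amount

    def redeem(self, lp: str, shares: int) -> int:
        # the point of the design: no immediate exit, so nobody can front-run a run
        raise PermissionError("withdrawals must be signalled for an epoch")

    def signal_withdraw(self, lp: str, shares: int) -> int:
        if shares > self.shares.get(lp, 0):
            raise ValueError("not enough shares")
        target = self.epoch + 1
        bucket = self.signalled.setdefault(target, {})
        bucket[lp] = bucket.get(lp, 0) + shares
        self.proxies.setdefault(target, WithdrawProxy())  # one proxy per epoch
        return target

    def process_epoch(self) -> None:
        """Boundary: burn the shares signalled for this epoch and hand their pro
        rata slice of assets to the proxy, liquid part now, rest as it arrives."""
        bucket = self.signalled.pop(self.epoch, {})
        if bucket:
            leaving = sum(bucket.values())
            owed = self.total_assets() * leaving // sum(self.shares.values())
            proxy = self.proxies[self.epoch]
            proxy.claims = dict(bucket)
            for lp, s in bucket.items():
                self.shares[lp] -= s
            now = min(owed, self.liquid)
            self.liquid -= now
            proxy.assets += now
            proxy.owed = owed - now
        self.epoch += 1

    def repay(self, amount: int) -> None:
        """Loan repayment or auction proceeds arriving at the vault."""
        self.lent -= min(amount, self.lent)
        for e in sorted(self.proxies):
            take = min(self.proxies[e].owed, amount)
            self.proxies[e].owed -= take
            self.proxies[e].assets += take
            amount -= take
        self.liquid += amount


def run_scenario() -> dict:
    """alice and bob both want out while most capital is lent out; carol stays."""
    v = EpochVault()
    for lp, amt in (("alice", 50), ("bob", 50), ("carol", 100)):
        v.deposit(lp, amt)
    v.lend(150)                     # liquid 50, lent 150
    try:
        v.redeem("alice", 50)
        immediate = True
    except PermissionError:
        immediate = False
    v.signal_withdraw("alice", 50)  # during epoch 0, honoured at end of epoch 1
    v.signal_withdraw("bob", 50)
    v.process_epoch()               # end of epoch 0: nothing due yet
    v.process_epoch()               # end of epoch 1: 100 of 200 shares leave
    proxy = v.proxies[1]
    at_boundary = (proxy.claimable("alice"), proxy.claimable("bob"))  # 25 each, not 50/0
    v.repay(100)                    # clears the proxy's 50 owed, 50 back to the vault
    after = (proxy.claim("alice"), proxy.claim("bob"))
    return {"immediate_redeem_allowed": immediate, "at_boundary": at_boundary,
            "after_repayment": after, "carol_assets": v.total_assets(),
            "carol_shares": v.shares["carol"], "vault_liquid": v.liquid}
```

The scenario is the one wardens should keep in mind when reading WithdrawProxy: the liquid balance (50) is smaller than what the leaving LPs are owed (100), and the interesting questions are who bears the shortfall until loans repay, how proceeds are split between the proxy and the vault when they arrive, and what happens to an epoch whose proxy is still owed when the next epoch closes.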

Tests

For more details on the Astaria protocol and its contracts, see the docs.

Astaria Contracts Setup

Astaria runs on Foundry. If you don't have it installed, follow the installation instructions here.

Note that since this codebase uses Foundry remappings for imports, cmd/ctrl-click to jump to different files is not currently supported.

If you're using Slither, ensure you're using the latest version to avoid this sourceMap issue: crytic/crytic-compile#281.

To install contract dependencies, run:

forge install
yarn

To deploy on a forked network, update your RPC in docker-compose.yml first and then run:

sh scripts/boot-system.sh

Tests are located in src/test. To run tests, run:

forge test --ffi --fork-url "<your-mainnet-url>" --fork-block-number 15934974 --gas-report

Quickstart

export FORK_URL="<your-mainnet-rpc-url-goes-here>" && rm -Rf 2023-01-astaria || true && git clone https://github.com/code-423n4/2023-01-astaria.git -j8 --recurse-submodules && cd 2023-01-astaria && nvm install 16.0 && foundryup && forge install && yarn install && forge test --ffi --fork-url $FORK_URL --fork-block-number 15934974 --gas-report