- Join Sherlock Discord
- Submit findings using the issue page in your private contest repo (label issues as med or high)
- Read for more details
Initially Base, Ethereum, Arbitrum, BSC. Blast and other EVM-compatible chains are planned but will need some changes.
Any ERC20 tokens should be able to be used. We are not concerned with problems brought about by token blocklists.
Not ERC721 tokens will interact with the contracts.
No.
None.
Yes.
No.
TRUSTED
TRUSTED
There's a treasury that receives protocol fees both for token buybacks and for developers. This system is left manual for now (will start as an EOA/multisig) and the owner is trusted.
Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?
No.
- Contracts are not set-up for Blast network or zkSync.
- Temporary LP DOS by minting/burning tokens to an LP. We've added protection to make this less effective if it's a small amount, but otherwise accept that it can be done. If it can be made permanent, cost effective, and can't be defended against with a private RPC then that would be a legitimate bug.
- Blocklist token problems are understood and not a concern.
- Tx failures and griefing resulting from MEV protection are known and accepted.
- DOS during bootstrapping by sending 1 wei of token directly to the pair right before a user attempts to sell their whole token balance.
2 solo audits are still finalizing so no links are available for those yet.
Our other audit is available here https://github.com/inedibleX/goat-trading/blob/main/audits/OxAnmol%20Goat%20Trading%20Audit%20Report.pdf
Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?
No.
Q: In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.
Yes, these are acceptable risks.
Q: Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?
Besides what was mentioned above (not concerned about blocklists, will use fee-on-transfer, not rebasing, etc.) we don't expect more, but would appreciate feedback if there are important ones that could cause big problems.
https://goattrading.gitbook.io/goat