/2023-09-perennial

Primary LanguageTypeScript

Perennial V2 #2 contest details

Q&A

Q: On what chains are the smart contracts going to be deployed?

One or all of the following: Ethereum L2, Arbitrum, Optimism, Base

Q: Which ERC20 tokens do you expect will interact with the smart contracts?

DSU and USDC (USDC.e on Arbitrum, native USDC on Base)

Q: Which ERC721 tokens do you expect will interact with the smart contracts?

None

Q: Which ERC777 tokens do you expect will interact with the smart contracts?

None

Q: Are there any FEE-ON-TRANSFER tokens interacting with the smart contracts?

No

Q: Are there any REBASING tokens interacting with the smart contracts?

No

Q: Are the admins of the protocols your contracts integrate with (if any) TRUSTED or RESTRICTED?

TRUSTED

Q: Is the admin/owner of the protocol/contracts TRUSTED or RESTRICTED?

Protocol admin: TRUSTED

Q: Are there any additional protocol roles? If yes, please explain in detail:

Markets have Owners and Coordinators which can update parameters for that specific market - these coordinators have a large amount of flexibility within their own market but should not be able to adversely affect other markets or the overall protocol.

Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?

No

Q: Please list any known issues/acceptable risks that should not result in a valid finding.

As stated above - market owners+coordinators can do many things within their markets which could adversely affect user funds within those markets. However, they should not be able to affect other markets

Flywheel being down due to external downtime - sequencer and oracle downtime does not have special case handling. Perennial also does not provide grace periods for users to cure their positions when these systems do come back up

Q: Please provide links to previous audits (if any).

This is a fix review for the original Sherlock audit: https://github.com/sherlock-audit/2023-07-perennial-judging

Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?

Yes - there are keepers for oracle updates, liquidations, and order types

Q: In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.

We want to be aware of issues that might arise from oracle or DSU integrations

Q: Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?

USDC

Q: Add links to relevant protocol resources

V1 Overview docs: https://docs.perennial.finance/

V2 Mechanism 1-pager: https://docs.google.com/document/d/1f-V_byFYkJdJAHMXxN2NiiDqysYhoqKzZXteee8BuIQ/edit

Audit scope

root @ d531cf7f0c1d417e9987b706092e177021a89e5d

perennial-v2 @ 3e7c37d42a19f2f1c262d4059bbcafe7d37c5796