- Join Sherlock Discord
- Submit findings using the issue page in your private contest repo (label issues as med or high)
- Read for more details
Mainnet, Arbitrum, Optimism
Any. Must conform to ERC20 metadata with string memory name
, string memory symbol
, uint8 decimals
variables.
None
None
No. Fee-on-transfer tokens are not supported.
No. Rebasing tokens are not supported.
TRUSTED
TRUSTED
The Option Teller has permissioned functions that are controlled by the Bond Protocol RolesAuthority contract. The Bond Protocol MS is the only permissioned contract on the authority.
Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?
Option Token is expected to conform to ERC-20.
None.
These contracts have not been audited previously. Several library contracts which are used here were used in the previously audited Bond Protocol systems (Clones, FullMath, TransferHelper). Additionally, the design of the Option Teller is similar to the Bond Protocol Fixed Expiry Teller which has been audited.
Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?
None.
Q: In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.
Yes. The only potential external integration are oracle price feeds. Validation and handling of outages must be done in the user's IBondOracle implementation. Examples have been provided or them at https://github.com/Bond-Protocol/issuer-contracts.
Q: Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?
The protocol is permissionless. Fee-on-transfer is explicitly prohibited in the code. Our documentation will reflect that rebasing tokens and tokens without string metadata are not supported. Odd decimal values are supported, though could result in precision loss.
https://docs.bondprotocol.finance