Completed Bounties

Cascadia

Sun Feb 04 2024

https://github.com/CascadiaFoundation/alignment/blob/main/README.md

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

VectorReserve

Wed Jan 31 2024

Vector Reserve introduces vETH, the first Liquidity Position Derivative (LPD) in DeFi, representing a new asset class for diversified, low-risk, high-return investment. vETH's value stems from LP positions in ETH/LST and ETH/LRT pairs, enhanced by Superfluid Staking on EigenLayer, trading fees, and yield strategies. This innovation surpasses traditional LST/LRT products in yield generation. Users can utilize liquid vETH in various DeFi protocols. Central to Vector's ecosystem is the VEC Token, a multi-utility reserve currency designed for value accrual through sustainable economic practices, including revenue from vETH and Treasury Management. The Vector Reserve LBP is your opportunity to secure an allocation of VEC Tokens prior to the TGE. It’s time to get in on the ground floor of DeFi’s first Liquid Position Derivative (LPD) and join the next stage of the LST/LRT revolution!

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

CEDEN Smart Contract Audit

Sun Feb 25 2024

CEDEN is a content delivery network with a staking portal. Keystone NFTs are staked and receive block rewards as well as vesting rewards. We allow users to fund a USDC wallet in the portal, which CEDEN can access to auto-pay users' mining bills as they come due. This is one of the custody exposure attack points we are concerned with. Written in Solidity on zkSync. More information at: www.ceden.network

Auditor: @0xkato
Audit Report

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Shezmu

Wed Feb 28 2024

Shezmu is one of the pioneers of the supply-elastic NFTfi model. Shezmu is ambitiously constructing the first hybrid isolated lending market that supports the ERC721, ERC1155 and ERC20 standards. The primary area of concentration lies within the Oasis folder, where all contracts are organized. Specifically, the ERC20Vault, ERC721Vault (forked from JPEG’d) and ERC1155Vault components are crucial aspects of the lending market infrastructure. Their individual codebases are intentionally kept under 1K lines, demonstrating a focus on concise and efficient logic for secure handling of ERC20 and ERC1155 tokens. In addition to these foundational elements, your audit should encompass the ERC1155 and ERC721 auction contracts. The necessity of the auction contract is to process liquidations for those who default on their loans. These contracts have been crafted to complement the lending market seamlessly, with an emphasis on optimized code to ensure efficiency. The overall goal is to validate the integrity and security of these auction contracts, especially in facilitating dynamic transactions involving non-fungible tokens (NFTs).

Auditor: @0xWeisss

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Razor DAO

Tue Apr 30 2024

Our project is a decentralized exchange built on Uniswap V2's x * y = k constant product model. Powered by the Move Language, our DEX aims to provide users with a secure, transparent, and unparalleled trading experience within the Movement ecosystem. We are seeking a comprehensive audit to ensure the robustness, security, and overall code integrity of our smart contracts. The audit should cover areas such as code correctness, vulnerability assessment, compliance with industry standards, and protection against potential exploits or attacks. Having a very solid knowledge of the Move Language is an essential prerequisite for this bounty.

Yeet

Mon Apr 22 2024

YEET is a socialfi app where one person wins a pool of assets. The game is played by depositing $BERA into the pool, and the winner is rewarded the pool of assets once the finish condition is met. The game also has simple token-economics attached to it where we will be giving out daily rewards in the form of $YEET tokens to players who deposit assets into the pool during that period. The rewards are distributed each epoch (24 hours) and are done so pro-rata to each player according to how much $BERA they deposited in the epoch that has just elapsed. Anyone can also stake their $YEET tokens to earn a share of the assets that are deposited into the pool by players. We believe the game is very simple and has a low complexity in terms of the game rules and the token-economics attached to it. Contract overview: https://www.yeetit.xyz/Contracts.png

Results

Critical Issues: 2, High severity Issues: 2, Medium severity Issues: 4

Kanpai Pandas Traits as NFTS

Tue Apr 30 2024

This simple NFT (ERC1155) contract will act as an on-chain version of the traits held by Kanpai Pandas. Currently holders are able to manage their traits off chain at ppdex.io. Using these contracts holders will be able to remove a trait from their NFT and transfer it on chain to be sold/traded on marketplaces. Holders will also be able to move the traits back on to their NFTs by burning the tokenized version of the trait and adding it back to the NFT's metadata via our website (ppdex.io).

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

fantasy.top

Sun Apr 14 2024

Description:

# Some audit guidelines

- We want to ensure our contracts are safe for our users. We don't want malicious actors to be able to take our users' tokens.
- We want to ensure our users can trade our NFTs only through our exchange contract.
- We want to ensure our exchange fees cannot be bypassed.
- We want to ensure nobody can mint new NFTs without following our minter configurations (rules).
- We don't really care about gas optimization, please don’t waste your precious audit time on them.

# Fantasy Gameplay

- Fantasy is a Trading Card Game in which players collect cards featuring crypto influencers to compete and earn ETH, BLAST, more cards, and FAN Points.
- Players acquire cards on the Fantasy marketplace, using them to assemble a deck and compete in the Fantasy Tournaments.
- Players are ranked based on their influencers' performance on Twitter. At the end of a competition, rewards are distributed according to the players' rankings.
- Newly distributed cards are minted, completing the initial distribution of cards, which was initiated through an airdrop and a sale.
- A VRGDA allows players to buy cards from the Fantasy Shop.

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 3

Crypto Unicorns Token (CU)

Fri Apr 26 2024

Crypto Unicorns is a Digital Pet Collecting and Farming Game. The CU Token is the game’s “hard currency”. CU Token is an ERC-20 built on the ERC-2535 Diamond Multi-facet proxy architecture. The proxy router contract is deployed on Arbitrum at 0x89C49A3fA372920aC23ce757A029e6936c0b8e02. The logic fulfillment contracts are enumerated by the facets endpoint, which has the following contracts attached:

• DiamondCutFacet 0xCF9d07aA039C0324DEb08C394942dD5A78666582 (cloc 370)
• DiamondLoupeFacet 0x5851E1aEc6f096385a72F348a57cD29fe40e5D85 (cloc 358)
• DiamondProxyFacet 0x512c0531297066b025E5A383aF40bFf2d24bAD70 (cloc 148)
• DiamondOwnerFacet 0x5632dceEfeFcDA67D50ADD24b2059c56F543bcCC (cloc 100)
• SupportsInterfaceFacet 0x06F3fa1D805e5f1124786B72c3D61E04652c5Ee8 (cloc 194)
• ERC20Facet 0x17eA03AC830AE9f331567CA70f1b45942f397dEA (cloc 750)
• CUBridgeOFTFacet 0x57AdA129d49F9F1E6F367B10360658A9B6948263 (cloc 2162)
  • Only the following functions are mounted on the diamond proxy:
    • Selector: 0x001d3567, Function: lzReceive
    • Selector: 0x66ad5c8a, Function: nonblockingLzReceive
    • Selector: 0x9f38369a, Function: getTrustedRemoteAddress
    • Selector: 0xd1deba1f, Function: retryMessage
• ArbitrumEnabledToken 0xDB6B3321e4db941E281AFC83A9f15a4D7cF69B1c (cloc 296)
  • Only the following functions are mounted on the diamond proxy:
    • Selector: 0x8e5f5ad1, Function: isArbitrumEnabled

The Diamond, DiamondCutFacet, DiamondLoupeFacet, DiamondProxyFacet, DiamondOwnerFacet, and SupportsInterfaceFacet contracts represent the core functionality of our smart contract architecture. This code maintains our upgradability layer and basic utilities for maintenance, interoperability, and access control. The ERC20Facet encapsulates all basic implementation details of the cryptocurrency. CU Token is a derivative of the RBW Token deployed on Polygon POS chain.

As the Crypto Unicorns project moves from Polygon to a new Arbitrum based chain, players will migrate their RBW funds off of Polygon and convert them to new CU tokens on Arbitrum. Bridging from Polygon to Arbitrum is handled by the LayerZero OFT architecture. This is a one-way bridge from Polygon to Arbitrum. The CU Token implements this interface in order to allow LayerZero’s bridge oracle to trigger token emissions. This functionality is encapsulated in ArbitrumEnabledToken. A second bridge allows players to “wrap” CU tokens on the Arbitrum One chain, and emit corresponding Wrapped CU (wCU) on compatible Arbitrum sidechains. This bridge is bi-directional, and handled at the protocol level. The CU token requires the isArbitrumEnabled getter method, but otherwise does not use any code other than the ERC20 standard interface to interact with this bridge.

Note on total lines of code: The sum of all verified code is 4723 lines, although this number includes common libraries and interfaces that are shared by multiple logic contracts, as well as unused functionality in some libraries which are uploaded in full for Arbiscan verification.

Website/documentation: https://arbiscan.io/address/0x89C49A3fA372920aC23ce757A029e6936c0b8e02#code

Results

Critical Issues: 0, High severity Issues: 1, Medium severity Issues: 2

Wolf Game

Fri May 24 2024

Cave Game

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Magic Beans

Tue Jun 18 2024

Magic Beans is a simple OTC settlement program for SPL tokens on Solana, written in Rust/Anchor. MB lets someone fill out an order ticket to buy or sell an SPL token at an arbitrary price & amount. You can see a non-functional UI at https://magicbeans.fun/wip. This escrows their side of the trade (SOL or the SPL token, depending on if they're buying or selling) in a PDA, and generates an order account. This order account's public key is then used by the counterparty to fill the order. Anyone can fill any order, partially or fully. It's essentially a standalone on-chain limit order. Orders have expiration times. Orders can be closed by the order creator, or if they're expired, by any signer. I plan to build an off-chain process that auto-closes expired orders so users don't have to.

Results

Critical Issues: 0, High severity Issues: 1, Medium severity Issues: 0

OmniNFT

Wed Jun 19 2024

This is a multi-chain NFT. It supports minting, burning, and transferring from any chain that is supported by the token omnicat. The codebase is in Solidity.

Contracts -
- src/OmniNFTA.sol - This contract is deployed only on blast network. This is the base chain contract.
- src/OmniNFT.sol - This contract is deployed on all other chains, and allows users to mint, burn and hold this nft on the chain of their choice.

Functionality -
- To mint an NFT, you have to lock a fixed amount of omnicat. This omnicat is held on the base chain contract (omniNFTA). You can mint from the base Chain, or any other supported chain with the OmniNFT contract. There is a limited number of NFTs in the collection, and the minting phase lasts as long as all the NFTs are not minted.
- The NFT will initially have a tokenURI set as a placeholder. Once the minting phase is over, we will do NFT reveal, where we will set the tokenURI to be its actual value.
- Burns can only be done after the minting phase. Burns can be done from whatever chain the NFT is on. When a user burns the NFT, they get back the omnicat they locked while minting the NFT. The user will get the omni on whatever chain they do the burn from.
- The NFTs can be transferred between any of the supported chains.

Scope -
- src/OmniNFT.sol
- src/OmniNFTA.sol
- src/OmniNFTBase.sol

Results

Critical Issues: 2, High severity Issues: 1, Medium severity Issues: 7

Volmex

A special Volmex project ushering in a new era of Volmex and crypto volatility!

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 1

Goldilocks DAO

We're looking for an extensive security audit of the contracts (all in Solidity) for our three main products, which are (i) a novel AMM, (ii) an NFT lending platform, and (iii) a yield tokenisation platform on Berachain. All contracts have already been audited by Yearn Academy and Cyfrin. For more info see https://goldilocks.gitbook.io/docs.

Results

Critical Issues: 3, High severity Issues: 3, Medium severity Issues: 1

Arrow Markets

Arrow Markets is a next generation options trading platform powered by a novel request-for-execution (RFE) network. Ownership, transfer, and settlement are handled on-chain while competitive prices are provided through our network of participating market makers. Arrow Markets' UX is world class, positioning the platform to onboard the next wave of web3 options traders.

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Aori

A high-frequency off-chain order book with on-chain settlement enabling capital efficient peer-to-peer markets.

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

BeraMarket

Next gen futuristic high tech smooth brain ready shit for shit trading Bera liquidity fulfilling NFT market place for apes Degens and the like

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Schwap

On-Chain OTC Exchange With An Emphasis on Trustlessness, Permissionlessness, and Handling Size

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

LoFi Pepe NFT

NFT Staking Protocol for LoFi Pepe NFTs

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Sybil Samurai

Sybil as a Service Protocol farming airdrops across multiple blockchains.

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Lexer Markets

Decentralized perpetual exchange for Forex, Crypto, NFT & more.

Auditor: @N/A

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 0

Ramen Finance

Decentralized token launch protocol powering liquidity for new assets on Berachain. We want to audit the vault component of our contracts.

Results

Critical Issues: 0, High severity Issues: 3, Medium severity Issues: 6

Origami Super Savings USDS

Origami Super Savings USDS is an ERC-4626 vault that takes user deposits and automatically switches between Staked USDS staking and USDS staking in any currently available SKY farm depending on which currently has the higher APR. The vault will utilise CoWswap integration to swap SKY rewards back to USDS to auto-compound the rewards back into the underlying.

Results

Critical Issues: 0, High severity Issues: 1, Medium severity Issues: 7

BitCorn

BitCorn is a BTC staking protocol that allows you to stake your BTC on Babylon and receive our native LST, coBTC, in return. Users can then deploy their coBTC in additional DeFi activities to earn amplified yields whilst the underlying collateral accumulates rewards on Babylon. Welcome to the future of Bitcoin staking

Results

Critical Issues: 3, High severity Issues: 3, Medium severity Issues: 3

Voyage

Voyage is the ultimate destination for optimizing yields across popular blockchains, powered by an algorithm that dynamically sorts and allocates assets for the best risk-adjusted returns. Designed to tackle liquidity fragmentation and complex yield management, Voyage provides an automated, streamlined solution, empowering users to maximize returns without needing deep technical knowledge or active management. Our initial vaults—focusing on ETH and stablecoins—are being audited to ensure the highest level of safety upon TGE (Token Generation Event). Voyage integrates with top protocols like:

• Beefy
• Aerodrome
• Curve
• Convex
• Aura

Results

Critical Issues: 0, High severity Issues: 6, Medium severity Issues: 6

Liquidmint

NFT Marketplace with ability to have mint fees and trading fees go to a liquidity pool which would then act as a backing for the collection. Could then use these pools to invest in other tokens

Results

Critical Issues: 12, High severity Issues: 4, Medium severity Issues: 17

fantasy top

auditing a smart-contracts update of the leading social betting app

Results

Critical Issues: 1, High severity Issues: 2, Medium severity Issues: 4

Beramonium

We are Beramonium, an OG NFT (GameFi) project on Berachain. Right now, we are expanding our on-chain infra beyond the original ERC-721 collection with a planned ERC-20 to be used in-game. An integral part of that we want to audit is the vesting schedule for this token but distributed to the NFT holders that stake their tokens. The vesting schedule is simple and consists of an initial unlock followed up by a linear unlock with a day granularity. The contract was designed to be self-contained and will be interacted with:

- mainly by the external NFT staking contract via on-chain callbacks
- (optionally) by the NFT holders that wish to gradually claim the unlocked allocation

To facilitate the review, we separated a repository together with tests that we used internally during development, please see https://github.com/Xanewok/bcg-vesting-audit for more information. The smart contract subject to audit is https://github.com/Xanewok/bcg-vesting-audit/blob/main/src/BcgVesting.sol.

Results

Critical Issues: 1, High severity Issues: 0, Medium severity Issues: 5

Berally

Pass is a social token on Berally that grants users access to private group chats and crowdfunding vaults. It functions similarly to Friendtech's key but integrates a unique Proof-of-Liquidity (POL) mechanism powered by Berachain's design. This means that every BERA spent on purchasing a Pass is automatically staked into the Berachain reward vault, earning POL rewards in BGT token. README: https://github.com/berally/smartcontract/blob/main/passes/README.md

Results

Critical Issues: 1, High severity Issues: 2, Medium severity Issues: 1

Berally

Users that stake $BRLY generate $revBRLY, a non-transferable token score that boosts incentives based on the staking duration. The longer a user stakes $BRLY, the higher their $revBRLY, which will be counted to gain governance rights and dividends from platform revenue. README: https://github.com/berally/smartcontract/blob/main/staking/README.md

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 1

Beramonium

We need to audit our NFT staking smart contract, which will be required in our game Beramonium Gemhunters.

Results

Critical Issues: 1, High severity Issues: 0, Medium severity Issues: 5

BeeBribes - BERA staking wrapper

BeeBribes is a permissionless market/auction for liquidity incentives in the Berachain Proof-of-Liquidity mechanism. It wraps native BGT and BERA staking to perform bribery for users with minimalist extra security risk and native staking properties. Besides the main Auction, rewards and validator management contracts there is a BERA staking wrapper which aims to reduce some of the custody risks and deposit limits currently imposed by the main berachain BeaconDeposit contract. The wrapper batches deposits, has a pre-deposit flow to reach min-stake and adds deposit-accounting to trustlessly reward stakers with the validator earnings. We are looking for an audit for specifically this wrapper only for now and its touches with the BeeBribesRewards contract. The contract will remain upgradeable for now as scaling the rewards mechanism further will be a multi-month process but we hope to have limited the risk for users as much as possible with trust-minimized pre-deposit withdrawal options and a direct-deposit method. The contract is not fully finished yet but looking to take initial interviews.

Results

Critical Issues: 3, High severity Issues: 3, Medium severity Issues: 6

BakerDao

Simple defi protocol. Two contracts: Bread.sol (<100 loc), Baker.sol (600 loc). Bread is an ERC20 token mintable / redeemable with gas token. It has some unique features such as being able to borrow / leverage against its backing. Baker is a contract to pool user gas token deposits to mint Bread in a permissioned manner. Comes with documentation and test suite :). Github will be permissioned to interested auditors. Setting 1 wk deadline, but looking for immediate availability and anticipating 2-3 day audit timeline + 1 day for fixes.

Results

Critical Issues: 0, High severity Issues: 2, Medium severity Issues: 5

BakerDao - Audit 2

Follow-up on first BakerDao audit

Results

Critical Issues: 0, High severity Issues: 2, Medium severity Issues: 5

LockIn

Lock Yourself & Your Community In. A community driven NFT incentive tool.

LockInCompounder is a Solidity smart contract that combines ERC721 non-fungible token (NFT) functionality with a staking and reward system. It enables users to deposit Proof of Liquidity (POL) tokens into pools, represented as NFTs, and earn rewards in the form of oriBGT tokens. The contract integrates with external protocols like Infrared and manages staking, reward distribution, and fee collection.

ExternalTimeLockInNonFungiblePOL is a Solidity smart contract that implements a time-locked staking system for Proof of Liquidity (POL) tokens tied to an ERC721 NFT collection. It leverages an external LockInCompounder contract to stake POL tokens and earn oriBGT rewards, which are distributed to NFT holders based on their token ownership. The contract enforces a lock-in period during which POL cannot be withdrawn, but rewards can be claimed. After the lock period ends, NFT owners can redeem their proportional share of the staked POL.

Results

Critical Issues: 1, High severity Issues: 2, Medium severity Issues: 11

RootsFi

A PoL powered CDP Protocol on Berachain.

Results

Critical Issues: 3, High severity Issues: 7, Medium severity Issues: 10

Swappee

The contract is responsible for claiming incentives produced by PoL distribution on behalf of one or more users and swapping them into native BERA or another ERC20 ($HONEY). Users need to provide enough allowance to the contract to pull tokens to swap after claims.

Results

Critical Issues: 0, High severity Issues: 2, Medium severity Issues: 2

Kodiak

Autocompounding vaults

Results

Critical Issues: 0, High severity Issues: 0, Medium severity Issues: 3

Tierra

We are looking for an audit of our main platform contract, TierraDAOs. Contributors can contribute to the DAO, where a DAO Manager can operate the funds for a certain period of time. The Tierra team reserves certain admin functions for the management of these.

Results

Critical Issues: 0, High severity Issues: 1, Medium severity Issues: 5

Lexer Markets

11/30/2023

Decentralized perpetual exchange for Forex, Crypto, NFT & more.

Auditor: @0xWeiss and @0xKato
Blockchain: Arbitrum

Results

High severity Issues: 0, Medium severity Issues: 11, Low severity Issues: 23

Sybil Samurai

11/29/2023

Sybil as a Service Protocol farming airdrops across multiple blockchains.

Results

High severity Issues: 1, Medium severity Issues: 1, Low severity Issues: 0

LoFi Pepe NFT

9/1/2023

NFT Staking Protocol for LoFi Pepe NFTs

Auditor: @GoGoTheAuditor
Blockchain: Ethereum

Results

High severity Issues: 0, Medium severity Issues: 2, Low severity Issues: 2

Schwap

8/14/2023

On-Chain OTC Exchange With An Emphasis on Trustlessness, Permissionlessness, and Handling Size

Auditor: @GoGoTheAuditor and @deadrosesxyz
Blockchain: Arbitrum

Results

High severity Issues: 1, Medium severity Issues: 1, Low severity Issues: 5

Stacking Salmon

8/14/2023

Decentralized lending protocol on Berachain where users can participate as lenders or borrowers in isolated lending pools

Results

High severity Issues: 0, Medium severity Issues: 0, Low severity Issues: 2

BeraMarket

9/26/2023

Next gen futuristic high tech smooth brain ready shit for shit trading Bera liquidity fulfilling NFT market place for apes Degens and the like

Auditor: @GoGotheauditor
Blockchain: Berachain

Results

High severity Issues: 4, Medium severity Issues: 4, Low severity Issues: 2

Aori

5/18/2023

A high-frequency off-chain order book with on-chain settlement enabling capital efficient peer-to-peer markets.

Auditor: @GoGotheauditor
Blockchain: Arbitrum

Results

High severity Issues: 4, Medium severity Issues: 8, Low severity Issues: 12

Arrow Markets

2/09/2024

Arrow Markets is a next generation options trading platform powered by a novel request-for-execution (RFE) network. Ownership, transfer, and settlement are handled on-chain while competitive prices are provided through our network of participating market makers. Arrow Markets' UX is world class, positioning the platform to onboard the next wave of web3 options traders.

Results

High severity Issues: 0, Medium severity Issues: 8, Low severity Issues: 10