Workers Auto Approve
Lender Contract Audit
contract, wallet, audit, security
Need an audit of this smart contract to help identify attack vectors and other unintended outcomes.
The contract is a contract wallet that interacts with Compound's money market contracts (compound.finance), which have an ERC20 interface and are referred to as CTokens throughout the contract. A CToken accepts a supply of an ERC20 (e.g., 1 DAI) and returns roughly 50x more of another ERC20 (e.g., 49 cDAI) to the sender in return. The only CToken functions called are:
- mint: how to supply to the CToken contract
- redeem: how to withdraw from the CToken contract
- exchangeRateStored: pulls the current exchange rate for converting tokens to cTokens
Both mint and redeem return a non-zero integer if invalid inputs are provided. More information on the mint and redeem functions can be found here: https://compound.finance/developers#ctokens
- users transfer ERC20 tokens to their contract wallet (this contract)
- users or admin call the supply function to transfer the ERC20 to Compound's CToken contract and the user's contract wallet receives a cERC20 in return
- users or admin call the withdraw function to:
  - transfer cERC20 to the CToken contract and receive the requested amount of ERC20s in return
  - calculate how much the user has earned from having supplied to Compound's money market
  - transfer 9.5% of ERC20s earned to an admin account as a fee (covers gas costs, etc.), then transfer the remaining ERC20s back to the user's address
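The withdraw accounting described above, as an added Python reference model that an auditor can compare the contract's transfer amounts against; it is not the contract's own code, which this page does not show. The function names, the basis-point representation of the 9.5% fee, rounding the fee down, and defining earnings as redeemed amount minus supplied principal are all assumptions, and the sample values are constructed.

```python
"""Reference model of the withdraw fee split (constructed for illustration)."""

FEE_BPS = 950             # 9.5% fee on earnings, as stated in the bounty text
BPS_DENOMINATOR = 10_000
EXP_SCALE = 10**18        # Compound computes underlying = cTokens * rate / 1e18


class CTokenCallFailed(Exception):
    """mint/redeem returned a non-zero error code."""


def underlying_value(ctoken_balance: int, exchange_rate_mantissa: int) -> int:
    """Underlying ERC20 units behind a cToken balance (truncating division)."""
    return ctoken_balance * exchange_rate_mantissa // EXP_SCALE


def split_withdrawal(redeemed: int, principal: int, error_code: int = 0):
    """Return (user_amount, fee_amount) for `redeemed` underlying units.

    Assumed rules (hypothetical, to be checked against the real contract):
    the fee applies only to earnings, never to principal, and rounds down.
    """
    if error_code != 0:
        # A non-zero return from redeem means nothing was redeemed, so no
        # transfer to the user or the fee address should follow.
        raise CTokenCallFailed(f"redeem returned error code {error_code}")
    if redeemed < 0 or principal < 0:
        raise ValueError("amounts must be non-negative")
    earned = max(redeemed - principal, 0)   # a loss must not underflow
    fee = earned * FEE_BPS // BPS_DENOMINATOR
    user = redeemed - fee
    # Conservation: every redeemed unit goes to exactly one recipient.
    assert user + fee == redeemed and fee <= earned
    return user, fee


if __name__ == "__main__":
    # Constructed sample: 5000 cDAI (8 decimals) at a rate of 0.0202 DAI/cDAI.
    cdai_balance = 5000 * 10**8
    rate_mantissa = 202 * 10**24
    redeemed = underlying_value(cdai_balance, rate_mantissa)
    print(split_withdrawal(redeemed, principal=100 * 10**18))
```

The same inputs can be replayed against the contract on a test network and the two transfer amounts compared with the model's output, including the loss and dust cases.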
Interested in auditing the logic and functionality of LenderContractWallet, rather than the CToken contract.
Out-of-scope: All else
- Numerous meaningful deviations from Solidity best practices (15 DAI)
- Sending the incorrect amount of tokens to either the userAddress or feeHoldingAddress (25 DAI)
- Malicious (e.g., theft) actions that can be taken by an admin account (75+ DAI)
- Malicious actions that can be taken by a non-admin or user account (75+ DAI)
Any other non-trivial issues, critical or otherwise, will be compensated in some form as well.