This repository has been archived by the owner on Oct 1, 2023. It is now read-only.

sherlock-audit/2023-03-Y2K

Y2K Finance contest details

Resources

On-chain context

DEPLOYMENT: [Arbitrum]
ERC20: [WETH, USDC, Y2K]
ERC1155: [Earthquake VaultV2]
FEE-ON-TRANSFER: [none]
REBASING TOKENS: [none]
ADMIN: [restricted]  
EXTERNAL-ADMINS: [trusted]

Please answer the following questions to provide more context:

Q: Are there any additional protocol roles? If yes, please explain in detail:

A:

  1. Admin, Timelocker. Admin is an EOA assigned on deployment, Timelock is a contract with Msig as owner.
  2. Admin can configure new markets and epochs on those markets, Timelock can make critical changes like changing the oracle or whitelisting controllers.
  3. For convenience the Admin is able to whitelist the first controller. The Admin also configures the oracle; however, oracles are public and will be linked on the mint page on the front end.
  4. Admin should not be able to steal user funds.


Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?

A: Should comply with the 1155 standard


Q: Please list any known issues/acceptable risks that should not result in a valid finding.

A: Admin is setting oracles when configuring new markets, users have the ability to investigate the oracle before mint. Admin is able to whitelist controller once for convenience to include setting controller in deployment script. Admin configuring markets or epochs, so this can be done programmatically.


Q: Please provide links to previous audits (if any).

A: https://y2k-finance.gitbook.io/y2k-finance/products/earthquake/contracts-and-audits/audits


Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?

A: Settlement of vaults is permissionless, however on epoch configuration Gelato Network as well as Chainlink keeper is deployed.


Q: In case of external protocol integrations, are the risks of an external protocol pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.

A: [NOT ACCEPTABLE]

Audit scope

Earthquake @ 736b2e1e51bef6daa6a5ecd1decb7d156316d795

Y2K Finance is a suite of structured products designed for exotic peg derivatives, that will allow market participants the ability to robustly hedge or speculate on the risk of a particular pegged asset (or basket of pegged assets), deviating from their ‘fair implied market value’.
