Superform

Posted on Nov 24, 2023Read on Mirror.xyz

Superform’s First Security Competition, Hosted by Cantina

Superform Labs has partnered with Cantina for a security review code competition of the Superform Protocol.

Competition Details

  • November 27th 20:00 UTC to December 11th 20:00 UTC

  • $140k total prize pool

  • 5500 sLOC

The Superform Protocol

The Superform Protocol is a suite of non-upgradeable, non-custodial smart contracts that act as a central repository for yield and a router for users. At its core, Superform enables two novel experiences:

  1. Developers: Deploy your vault once. Permissionlessly list it on Superform. Access users on all chains.

  2. Yield Seekers: Deposit into any vault, on any chain, from any chain, using any token.

The protocol makes yield discovery, execution, and distribution across chains a seamless experience.

  • For an overview of the Superform Protocol, read more here.

  • For a deep dive into the Superform Protocol, read our developer docs here.

The Scope

The scope includes 5,250 nSLOC in superform-core and 250 nSLOC in an extension to ERC1155: ERC1155A.

Out of Scope

  • Anything in src/vendor & exploits concerning the inappropriate behavior of keeper roles, see Github.

  • Findings in previous audits, see Github.

Prize Distribution and Scoring

The $140k prize distribution works as follows:

  • Security reviewers will score points for each finding.

  • Prizes are distributed proportionally to the number of points scored.

  • A High is worth 10 points, a Medium 3 points, and Low / Gas Optimization 1 point.

  • Duplicate findings will be resolved using a scoring formula that incentivizes unique findings.

  • $130k of the prize pot is reserved for High / Medium findings that will be ranked and awarded on a curve.

  • $10k of the prize pot is reserved for Low / Gas Optimization findings that will be ranked and awarded on a curve.

All details on the scoring formula will be available on the Cantina competition page before going live. Cantina is also hosting a live code walkthrough in Discord, Monday the 27th at 15:00 UTC.

Remember, you need an invitation to join the Superform security competition. Reach out to @CantinaBouncer or @superformxyz on X to get an invitation.

To stay up to date with Superform and the competition, follow @superformxyz on X or join the Superform Discord.

ARWEAVE TX

mpTWRHG3vXTEus5yM2sdmj1Qtn1otnDpt1LG_Sns3U8

ETHEREUM ADDRESS

0x0E24b0F342F034446Ec814281AD1a7653cBd85e9

CONTENT DIGEST

uEkDvQTr2Pm2dGqv5BX_5BNCHx-xreOJ4R6hpKNeURQ

Recommended Reading
IN CONVERSATION WITH: Jared Madere500k Block Reorg on L3 WTFClaim Your First Cryptocurrency from Telegram MiniApp (Next $NOT Coin?)Derivatives Market: Fast Finality for Rollups