Audit Competition for Spectra

This repository hosts the audit competition for Spectra. To participate, submit your findings only through the on-chain submission process at https://app.hats.finance/vulnerability.

How to participate

Good luck!

We look forward to seeing your findings.


Spectra core-v2

Spectra is an interest rate derivatives protocol for DeFi, with an easy-to-use flagship app. Its high efficiency and customizable design stand out, enabling builders and users to use its architecture for their needs. Composability and a permissionless approach are at the core of Spectra's design philosophy.

For more information about the protocol, you can refer to the protocol documentation.

To better understand how the contracts interact and behave, please refer to the developers doc.

Architecture Overview

High Level Contracts Architecture

Spectra Contracts Architecture

Principal Token

PrincipalToken

This is the core contract of Spectra. The Principal Token is EIP-5095 and EIP-2612 compliant. Users can deposit an EIP-4626 IBT or the underlying token of that IBT and receive Principal Tokens (PT) and Yield Tokens (YT). The PT contract holds the logic that separates the yield generated from the principal asset deposited in the IBT.

Yield Token

YieldToken

This contract represents the Yield Token (YT). The YT is an EIP-20 token and follows the EIP-2612 standard. The same amount of PT and YT is minted upon depositing into the protocol (PrincipalToken.deposit, PrincipalToken.depositIBT). The YT captures the yield generated by the deposited principal. Holding the YT allows the user to claim the corresponding amount of yield generated by the IBTs deposited in the associated PT contract.

Router

Router

This is a utility contract designed to perform operations like swapping in a Curve pool, adding/removing liquidity and wrapping/unwrapping of PTs and ERC4626 IBTs. It also includes utility functions for simulating a sequence of operations with a specified input amount, as well as an absolute simulation that does not account for fees and slippage.

Utils

PrincipalTokenUtil, CurvePoolUtil, Roles, NamingUtil

Several libraries handle calculations, recurring PT operations, and the naming of the tokens created by the protocol. The Roles library holds the list of role IDs used by the Access Manager. The CurvePoolUtil library holds logic for computations and interactions with Curve pools.

Factory

Factory

This is the contract which is used to deploy PTs and Curve pools. Upon deployment, the factory will register the new contracts in the registry.

Registry

Registry

This contract stores protocol addresses such as the Factory, Router and PTs. It also maintains fee values.

Access Manager and Ownable

The Spectra protocol implements the OpenZeppelin AccessManager.

The following roles are defined:

  • ADMIN_ROLE - roleId 0 - the Access Manager super admin. Can grant and revoke any role. Set by default in the Access Manager constructor.
  • UPGRADER_ROLE - roleId 1 - the users who can upgrade the protocol implementations.
  • PAUSER_ROLE - roleId 2 - the DAO address that can pause the protocol (in case of emergency).
  • FEE_SETTER_ROLE - roleId 3 - the role that can change the fees in the protocol.
  • REGISTRY_ROLE - roleId 4 - the users who can call the registry contract to register new contract addresses.
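
As an added illustration (not code from the Spectra repository), the Foundry test below shows how OpenZeppelin's AccessManager binds role IDs like those listed above to function selectors, so that a PAUSER_ROLE holder can pause but cannot change fees. GatedTarget, its functions, the constant names, the test addresses and the `@openzeppelin/contracts/` import remapping are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
import {AccessManaged} from "@openzeppelin/contracts/access/manager/AccessManaged.sol";
import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";

// Hypothetical target, not a Spectra contract: two functions gated by `restricted`.
contract GatedTarget is AccessManaged {
    bool public paused;
    uint256 public fee;
    constructor(address manager) AccessManaged(manager) {}
    function pause() external restricted { paused = true; }
    function setFee(uint256 newFee) external restricted { fee = newFee; }
}

contract RoleSeparationTest is Test {
    // Role IDs as listed in the README; constant names are local to this example.
    uint64 constant PAUSER_ROLE = 2;
    uint64 constant FEE_SETTER_ROLE = 3;
    AccessManager manager;
    GatedTarget target;
    address dao = makeAddr("dao");             // constructed test addresses
    address feeSetter = makeAddr("feeSetter");

    function setUp() public {
        manager = new AccessManager(address(this)); // this test holds ADMIN_ROLE (0)
        target = new GatedTarget(address(manager));
        manager.grantRole(PAUSER_ROLE, dao, 0);     // 0 = no execution delay
        manager.grantRole(FEE_SETTER_ROLE, feeSetter, 0);
        _bind(GatedTarget.pause.selector, PAUSER_ROLE);
        _bind(GatedTarget.setFee.selector, FEE_SETTER_ROLE);
    }

    // Map one selector on the target to the role allowed to call it.
    function _bind(bytes4 selector, uint64 roleId) internal {
        bytes4[] memory selectors = new bytes4[](1);
        selectors[0] = selector;
        manager.setTargetFunctionRole(address(target), selectors, roleId);
    }

    function test_pauserCanPauseButNotSetFee() public {
        vm.prank(dao);
        target.pause();
        assertTrue(target.paused());
        // The same account lacks FEE_SETTER_ROLE, so the manager rejects the call.
        vm.expectRevert(abi.encodeWithSelector(IAccessManaged.AccessManagedUnauthorized.selector, dao));
        vm.prank(dao);
        target.setFee(1);
    }
}
```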

Installation

Follow this link to install Foundry, Forge, Cast and Anvil

Do not forget to update Foundry regularly with the following command

foundryup

Similarly, for forge-std, run

forge update lib/forge-std

Submodules

Run the command below to include/update all git submodules under lib/, such as the OpenZeppelin contracts and forge-std

git submodule update --init --recursive

To get the node_modules/ directory run

yarn

Compilation

To compile your contracts run

forge build

Testing

Run your tests with

forge test

Find more information on testing with Foundry here

Note: tests might take a long time to complete due to the number of fuzz runs. You can modify the runs parameter under the [fuzz] section of the foundry.toml file as per your needs.