Flat Money
Details
Scope
My Submission
Reward Amounts
Critical
50,000 USDC maximum payout
Payout shall not exceed 10% of funds at risk at time of submission
Severity Criteria
Critical Definition
Definite and significant loss of funds without limitations of external conditions
Definite and significant freezing of funds for >1 year without limitations of external conditions
General Notes
Sherlock’s Criteria for Issue Validity guide (used in Sherlock audit contests) can be a helpful resource for more context on out-of-scope issues, etc. but nothing in the guide should overrule the definitions above
A coded Proof of Concept (POC) with instructions to run the POC is required
If the protocol team has the ability to take measures (upgrade the contract, pause the contract, etc.) against an exploit, the potential damage is limited to a 1-hour exploit period before it is assumed that the protocol team takes measures to prevent further damage
Platform Rules
Please review the Sherlock Bug Bounty Platform Rules before submitting any vulnerability.
Known Issues and Acceptable Risks
UNIT can decrease in dollar value when funding rates are negative and protocol fees don't cover the losses. This is acceptable.
UNIT can be net short and ETH goes up 5x in a short period of time, potentially leading to UNIT going to 0.
The UNIT holders should be mostly delta neutral, but they may be up to 20% short in certain market conditions (skewFractionMax parameter).
The funding rate should balance this out, but theoretically, if ETH price increases by 5x in a short period of time whilst the UNIT holders are 20% short, it's possible for UNIT value to go to 0. This scenario is deemed to be extremely unlikely and the funding rate is able to move quickly enough to bring the UNIT holders back to delta neutral.
When long max skew (skewFractionMax) is reached, UNIT holders cannot withdraw, and no new leverage positions can be opened.
This is to prevent the UNIT holders being increasingly short. This is temporary because the funding rate will bring the skew back to 0 and create more room for UNIT holders to withdraw and leverage traders to open positions.
Previous Audits
Additional Context
Chains in scope
- Base
Expected tokens
- External ERC20: rETH on Base
Trusted integrations
rETH token
Pyth network oracle for rETH and onchain (Chainlink) oracle for rETH.
Trusted protocol roles
- Trusted owner role. Owner is a Gnosis Safe multisig.
Permissioned function requirements
- The only permissioned functions are related to owner-only setter functions. These are usually clearly defined as the last section of functions in all modules.
Offchain mechanisms and procedures
There are keepers for order execution and liquidations. As long as the Pyth price they are using is fresh enough (as defined in the OracleModule), we are ok with any arbitrage issues that might occur. Ultimately, we want the feasibility of these arbitrage attacks to be high and likely to occur often.
Pyth network oracles for rETH price updates.
Protocol Resources
Flat Money docs: https://docs.flat.money
RocketPool depository: https://github.com/rocket-pool/rocketpool/tree/master
rETH token on Base: [https://basescan.org/token/0xb6fe221fe9eef5aba221c348ba20a1bf5e73624c#code](https://basescan.org/token/0xb6fe221fe9eef5aba221c348ba20a1bf5e73624c#code
Max Rewards
50,000 USDCStatus
Live since
Last updated
LIVE
Aug 19, 2024, 11:51 AM
Aug 19, 2024, 11:51 AM