KUMA Protocol - Versus contest

Bringing yield from Real World Assets to DeFi.

  • Start date: 17 Feb 2023
  • End date: 22 Feb 2023
  • Total awards: $38,600 USDC
  • Duration: 5 days

KUMA Protocol Versus contest details

  • Total Prize Pool: $38,600 USDC
    • HM awards: $25,500 USDC
    • QA report awards: $3,000 USDC
    • Gas report awards: $1,500 USDC
    • Judge + presort awards: $8,100 USDC
    • Scout awards: $500 USDC
  • Join C4 Discord to register
  • Submit findings using the C4 form
  • Read our guidelines for more details
  • Starts February 17, 2023 20:00 UTC
  • Ends February 22, 2023 20:00 UTC

Overview

This repo contains source contracts and testing suites for the MCAG contracts and the KUMA Protocol. Each corresponding project directory contains documentation in the /docs folder.

The src/kuma-protocol/ folder contains the contracts that comprise the decentralized KUMA protocol. See docs/kuma-protocol/ for KUMA protocol docs.

The src/mcag-contracts/ contains contracts that are managed by the centralized MCAG entity. See docs/mcag-contracts/ for MCAG contracts docs.

Scope

Files in scope

| File | SLOC | Description and Coverage | Libraries |
| --- | --- | --- | --- |
| Contracts (12) | | | |
| src/kuma-protocol/KUMAAccessController.sol | 9 | - | @openzeppelin/* |
| src/mcag-contracts/AccessController.sol | 16 | - | @openzeppelin/* |
| src/mcag-contracts/Blacklist.sol | 33 | Central registry for blacklisted addresses that are not allowed to interact with the NFT, 100.00% | @openzeppelin/* |
| src/kuma-protocol/KBCToken.sol | 67 | A Clone Bond NFT Token that is issued when the KIBT yield is not high enough to buy back the original Bond NFT, 100.00% | @openzeppelin/* @openzeppelin-upgradeable/* @mcag/* |
| src/mcag-contracts/MCAGAggregator.sol | 67 | Oracle that MCAG manages to publish central bank rates, 100.00% | @openzeppelin/* |
| src/kuma-protocol/MCAGRateFeed.sol 🧮 | 75 | Contract that reads the price from the MCAG central bank rate oracle, 100.00% | @openzeppelin/* @mcag/* |
| src/mcag-contracts/KYCToken.sol | 77 | Untransferable NFT that MCAG will airdrop to KYC users, 100.00% | @openzeppelin/* |
| src/kuma-protocol/KUMAAddressProvider.sol 🧮 | 118 | AddressProvider that stores the mappings for the KIBT, KUMASwap and KUMAFeeCollector for each risk class, 100.00% | @openzeppelin/* |
| src/mcag-contracts/KUMABondToken.sol | 134 | NFT that MCAG will issue for each purchased real world bond, 100.00% | @openzeppelin/* |
| src/kuma-protocol/KUMAFeeCollector.sol 🧮 | 159 | 100.00% | @openzeppelin/* |
| src/kuma-protocol/KIBToken.sol 🧮 | 251 | Interest Bearing ERC20, one for each risk class, 100.00% | @openzeppelin-upgradeable/* @openzeppelin/* |
| src/kuma-protocol/KUMASwap.sol 🧮 Σ | 394 | Main contract that allows swapping a Bond NFT for the KIBT ERC20, one KUMASwap per risk class (country, term, currency), 100.00% | @openzeppelin/* @mcag/* @openzeppelin-upgradeable/* |
| Interfaces (10) | | | |
| src/mcag-contracts/interfaces/IBlacklist.sol | 11 | - | @openzeppelin/* |
| src/kuma-protocol/interfaces/IMCAGRateFeed.sol | 14 | - | @openzeppelin/* @mcag/* |
| src/mcag-contracts/interfaces/MCAGAggregatorInterface.sol | 15 | - | |
| src/mcag-contracts/interfaces/IKYCToken.sol | 17 | - | @openzeppelin/* |
| src/kuma-protocol/interfaces/IKBCToken.sol | 20 | - | @openzeppelin-upgradeable/* |
| src/kuma-protocol/interfaces/IKUMAFeeCollector.sol | 22 | - | |
| src/kuma-protocol/interfaces/IKUMAAddressProvider.sol | 27 | - | @openzeppelin/* |
| src/mcag-contracts/interfaces/IKUMABondToken.sol | 32 | - | @openzeppelin/* |
| src/kuma-protocol/interfaces/IKIBToken.sol | 38 | - | @openzeppelin/* @openzeppelin-upgradeable/* |
| src/kuma-protocol/interfaces/IKUMASwap.sol | 59 | - | @openzeppelin/* |
| Total (over 22 files): | 1655 | 100.00% | |

Out of scope

All other files in the repo

External imports

Additional Context

Please see the docs/ folder for more context.

Scoping Details

- If you have a public code repo, please share it here: n/a
- How many contracts are in scope?: 22
- Total SLoC for these contracts?:  1634
- How many external imports are there?: n/a
- How many separate interfaces and struct definitions are there for the contracts within scope?: 3 structs, 10 interfaces
- Does most of your code generally use composition or inheritance?: inheritance
- How many external calls?: n/a
- What is the overall line coverage percentage provided by your tests?: 100%
- Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: KUMA Protocol will depend on the Mimo Capital AG contracts
- Please describe required context: Please read the docs in each respective folder
- Does it use an oracle?: No
- Does the token conform to the ERC20 standard?: Yes
- Are there any novel or unique curve logic or mathematical models?: No
- Does it use a timelock function?: No
- Is it an NFT?: Yes
- Does it have an AMM?: No
- Is it a fork of a popular project?: No
- Does it use rollups?: No
- Is it multi-chain?: No
- Does it use a side-chain?: No

Tests

This repo contains relevant tests for the two source projects. To run tests:

  1. Make sure all git submodules are installed using git submodule update --init
  2. Run forge test

Make sure forge is at least on the following version: forge 0.2.0 (1a56901 2023-02-15T00:05:20.802314Z)

To skip invariant and fuzz tests run forge test --no-match-path "{*invariant*,*fuzz*}"

Quickstart Command

Alternatively use the following quickstart command:

rm -Rf 2023-02-kuma || true && git clone https://github.com/code-423n4/2023-02-kuma.git -j8 --recurse-submodules && cd 2023-02-kuma && git submodule update --init && foundryup && forge install && forge build && forge test --gas-report

Running Static Analysis

The root folder contains a slither.config.json file that can be used to run static analysis on the kuma-protocol project. Refer to the Foundry docs on how to run Slither.

Invariant testing

For the following files the invariants should be run with fail_on_revert = true in the foundry.toml:

[invariant]
runs = 256
depth = 256
fail_on_revert = true

Then run the tests with forge test --match-path "*fail.on.revert*"