Neobase Invitational

Canto is a next generation L1 designed to deliver on the promise of DeFi.

  • Start date: 29 Mar 2024
  • End date: 3 Apr 2024
  • Total awards: $21,600
  • Duration: 5 days

Neobase audit details

  • Total Prize Pool: $21,600
    • HM awards: $16,200
    • Analysis awards: $900
    • QA awards: $400
    • Gas awards: $400
    • Judge awards: $3,200
    • Scout awards: $500

❗️Awarding Note for Wardens, Judges, and Lookouts: If you want to claim your awards in $ worth of CANTO, you must follow the steps outlined in this thread; otherwise you'll be paid out in USDC.

This is a Private audit

This audit repo and its Discord channel are accessible to certified wardens only. Participation in private audits is bound by:

  1. Code4rena's Certified Contributor Terms and Conditions
  2. C4's Certified Contributor Code of Professional Conduct

All discussions regarding private audits should be considered private and confidential, unless otherwise indicated.

Automated Findings / Publicly Known Issues

The 4naly3er report can be found here.

Note for C4 wardens: Anything included in this Automated Findings / Publicly Known Issues section is considered a publicly known issue and is ineligible for awards.

Mistakes by Governance:

  • We assume that all calls that are performed by the governance address are performed with the correct parameters.
  • Moreover, it is the responsibility of the governance to ensure that LendingLedger always contains enough CANTO.

Checkpoint is called at least once in five years:

  • Curve and FIAT DAO assume that the VotingEscrow._checkpoint function is called at least once in any five-year period. Because we use the same contracts, we inherit this assumption.


The contracts implement a voting-escrow incentivization model for Canto RWA (Real World Assets) similar to veCRV with its liquidity gauge. Users can lock up CANTO (for five years) in the VotingEscrow contract to get veCANTO. They can then vote within GaugeController for different markets that are white-listed by governance. Users that provide liquidity within these markets can claim CANTO (that is provided by CANTO governance) from LendingLedger according to their share.

For instance, there might be markets X, Y, and Z where Alice, Bob, and Charlie provide liquidity. In lending market X, Alice provides 60% of the liquidity, Bob 30%, and Charlie 10% at a particular epoch (point in time). At this epoch, market X receives 40% of all votes. Therefore, the allocations are:

  • Alice: 40% * 60% = 24% of all CANTO that is allocated for this epoch.
  • Bob: 40% * 30% = 12% of all CANTO that is allocated for this epoch.
  • Charlie: 40% * 10% = 4% of all CANTO that is allocated for this epoch.
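
The two-level split described above (vote share per market, then liquidity share within the market), as an added Python sketch that is not the Neobase contract code. It generalizes the worked case to several markets and assumes integer amounts with floor division; the function names, the market Y and Z data and the epoch budget are constructed for illustration.

```python
# Added illustration, not Neobase contract code. Assumption: amounts are
# integers in the token's smallest unit and division floors, as in EVM math.

def epoch_allocations(epoch_canto, market_votes, market_liquidity):
    """Split one epoch's CANTO budget by vote share, then by liquidity share.

    market_votes:     {market: votes received at this epoch}
    market_liquidity: {market: {user: liquidity provided at this epoch}}
    Returns {market: {user: claimable amount}}.
    """
    total_votes = sum(market_votes.values())
    result = {}
    for market, votes in market_votes.items():
        providers = market_liquidity.get(market, {})
        total_liq = sum(providers.values())
        if total_votes == 0 or total_liq == 0:
            result[market] = {}  # nothing claimable; also avoids dividing by zero
            continue
        # Multiply first and divide once so rounding loss stays below 1 unit per user.
        result[market] = {
            user: epoch_canto * votes * bal // (total_votes * total_liq)
            for user, bal in providers.items()
        }
    return result

def total_claimable(allocations):
    return sum(sum(users.values()) for users in allocations.values())

# Constructed sample data: market X matches the percentages in the text above.
EPOCH_CANTO = 1000 * 10**18
VOTES = {"X": 40, "Y": 35, "Z": 25}
LIQUIDITY = {
    "X": {"alice": 60, "bob": 30, "charlie": 10},
    "Y": {"alice": 1, "bob": 2},   # thirds force rounding
    "Z": {},                       # voted for, but no liquidity
}

if __name__ == "__main__":
    alloc = epoch_allocations(EPOCH_CANTO, VOTES, LIQUIDITY)
    for market, users in alloc.items():
        print(market, users)
    # Floor division means the sum of claims can never exceed the epoch budget.
    print("unclaimed:", EPOCH_CANTO - total_claimable(alloc))
```

In this sketch the share voted to a market with no liquidity (Z) simply stays unclaimed; the page does not say how LendingLedger treats that case.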



See scope.txt

Files in scope

File | Logic Contracts | Interfaces | Lines | nLines | SLOC

Out of scope

See out_of_scope.txt

  • interface/Turnstile.sol
  • script/Deploy.sol
  • src/test/GaugeController.t.sol
  • src/test/LendingLedger.t.sol
  • src/test/LiquidityGauge.t.sol
  • src/test/VotingEscrow.t.sol
  • src/test/utils/Console.sol
  • src/test/utils/Utilities.sol

Scoping Q & A

General questions

  • ERC20 used by the protocol: any except non-standard ERC20 tokens (e.g., rebase mechanism)
  • Test coverage: 85.15%
  • ERC721 used by the protocol: None
  • ERC777 used by the protocol: None
  • ERC1155 used by the protocol: None
  • Chains the protocol will be deployed on: Canto (chainId: 7700)

ERC20 token behaviors in scope

External integrations (e.g., Uniswap) behavior in scope

  • Enabling/disabling fees (e.g. Blur disables/enables fees): No
  • Pausability (e.g. Uniswap pool gets paused): No
  • Upgradeability (e.g. Uniswap gets upgraded): No

EIP compliance checklist

  • src/LiquidityGauge.sol: Should comply with ERC20

Additional context

Main invariants

Liquidity Gauge ERC20 token is always backed 1:1 by the underlying LP token

Attack ideas (where to focus for bugs)


All trusted roles in the protocol


Describe any novel or unique curve logic or mathematical models implemented in the contracts

None; it uses the standard Curve VE model (linear).

Running tests

# Either clone with recurse
git clone --recurse
cd 2024-03-neobase
# Or update submodules
git submodule update --init --recursive
# To run tests
forge test
# To run code coverage
forge coverage --ir-minimum
# To run gas benchmarks
forge test --gas-report

Gas report

Test coverage (inaccurate due to --ir-minimum)


Employees of Canto and employees' family members are ineligible to participate in this audit.