Reserve Core Mitigation Review
A permissionless platform to launch and govern asset-backed stable currencies.
- Start date12 Sep 2024
- End date17 Sep 2024
- Total awards$17,500 in USDC
- Duration5 days
- Details
Reserve Core Mitigation Review
- Total Prize Pool: $17,500 in USDC
- HM awards: $14,000 in USDC
- Judge awards: $3,000 in USDC
- Scout awards: $500 in USDC
- Warden guidelines for C4 mitigation reviews
- Starts September 12, 2024 20:00 UTC
- Ends September 17, 2024 20:00 UTC
Important note
Each warden must submit a mitigation review for every individual PR listed in the Scope section below. Incomplete mitigation reviews will not be eligible for awards.
Findings being mitigated
Mitigations of all High and Medium issues (+ Additional scope to be reviewed) will be considered in-scope for this audit.
- M-01: RToken can manipulate distribution to avoid paying DAO fees
- M-02: Broken assumptions can lead to the inability to seize RSR
- M-03: The default Governor Anastasius is unable to call resetStakes
- M-05: Users can dodge losses due to StRSR era changes with instant operations
- M-06: The time available for a canceled withdrawal should not impact future unstaking processes
- M-07: The traceEnd in BackingManager isn't updating correctly
Scope
Branch
https://github.com/reserve-protocol/protocol/pull/1204
Mitigation of High & Medium Severity Issues
We'd like some extra eyes on the following changes, since they are not in the "obviously safe" category:
| URL | Mitigation of |
|---|---|
| https://github.com/reserve-protocol/protocol/pull/1198 | M-02 |
| https://github.com/reserve-protocol/protocol/pull/1199 | M-05 |
Additional scope to be reviewed
These are additional changes that will be in scope. Changes marked as MISC are from reports that were not judged as valid issues but are being included for review.