✨ New!✨  C4 Cosmos leagueRead more »

Contest ran June 24June 30

7 day contest

Tracer contest

Build and trade with Tracer’s Perpetual Swaps and gain leveraged exposure to any market in the world.

$80,000 USDC

Total Awards

Tracer contest details

This repo will be made public before the start of the contest. (C4 delete this line when made public)

Tracer Contest Scope

Contracts in Scope

Core Contracts

  • Insurance.sol
    • 232 LOC
    • External contracts: TracerPerpetualSwaps.sol
    • Libraries: LibMath.sol, LibInsurance.sol, LibBalances.sol
  • InsurancePoolToken.sol
    • 19 LOC
    • External contracts: None
    • Libraries: None
  • Liquidation.sol
    • 473 LOC
    • External contracts: Pricing.sol, TracerPerpetualSwaps.sol, Insurance.sol, GasOracle.sol
    • Libraries: LibMath.sol, LibLiquidation.sol, LibBalances.sol, LibPerpetuals.sol
  • Pricing.sol
    • 273 LOC
    • External contracts: TracerPerpetualSwaps.sol, Insurance.sol, Oracle.sol
    • Libraries: LibMath.sol, LibPrices.sol
  • TracerPerpetualsFactory.sol
    • 473 LOC
    • External contracts: PerpsDeployerV1.sol (not in scope), LiquidationDeployerV1.sol (not in scope), PricingDeployerV1.sol (not in scope), InsuranceDeployerV1.sol (not in scope)
    • Libraries:
  • TracerPerpetualSwaps.sol
    • 599 LOC
    • External contracts: Pricing.sol, Insurance.sol, Liquidation.sol, GasOracle.sol
    • Libraries: LibMath.sol, LibPrices.sol, LibBalances.sol, LibPerpetuals.sol, LibSafetyWithdraw.sol
  • Trader.sol
    • 250 LOC
    • External contracts: TracerPerpetualSwaps.sol
    • Libraries: LibBalances.sol, LibPerpetuals.sol
  • ChainlinkOracleAdapter.sol
    • 66 LOC
    • External contracts: IChainlinkOracle.sol (out of scope)
    • Libraries: LibMath.sol
  • GasOracle.sol
    • 68 LOC
    • External contracts: IChainlinkOracle.sol (out of scope)
    • Libraries: LibMath.sol

Library Contracts

  • LibBalances
  • LibInsurance
  • LibLiquidation
  • LibMaths.sol
  • LibPerpetuals.sol
  • LibPrices.sol
  • SafetyWithdraw.sol

Novel Maths

While there is no novel maths present, an understanding of the Tracer perpetual swaps maths and mechanisms will be helpful. You can learn more from our perpetual swaps whitepaper.


All tokens used within the Tracer perpetual swaps system are assumed to conform to the ERC20 standard.

Security Assumptions

Our security assumptions for the Tracer perpetual swaps contracts are that each market is manipulatable by the owner / deployer of the market, but there should be no cross market manipulation or exploits of any kind. There is no oracle or token whitelisting to ensure that anyone can deploy any market that they want, without restrictions of the protocol getting in their way. This comes with the tradeoff that the deployer of a market can deploy using an oracle they control, and manipulate the price to have the market behave in any way they wish.

We have however provided adapters for Chainlink oracles, and will have DAO deployed markets (owned and managed by the Tracer DAO) that will use both reliable Chainlink oracles and safe underlying ERC20s.

As such, exploits that are executable by the owner of a market (such as changing the oracle at any point in time, using an ERC20 with a dangerous implementation of transfer, etc) are out of scope for this audit.