Yield Micro Contest #1
- $28,500 USDC main award pot
- $1,500 USDC optimizations award pot
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts August 12 00:00 UTC
- Ends August 14 23:59 UTC
Yield v2 is a collateralized debt engine paired with a custom automated market maker.
The product offered by Yield v2 is fixed rate borrowing and lending.
- Borrowing: Users deposit collateral to borrow fyTokens, which are immediately sold in YieldSpace for underlying. The combined effect is collateralized borrowing of underlying at a fixed rate, if they maintain ther debt until maturity.
- Lending: Users sell underlying in YieldSpace to buy fyToken. They are effectively lending underlying at a fixed rate if they hold the fyToken to maturity and redeem them.
- Liquidity Providing: The YieldSpace AMM requires liquidity, that Liquidity Providers add in exchange for fees generated by the use of YieldSpace by borrowers and lenders.
New Smart Contracts
There are 7 new contracts to Yield v2 as part of this micro-contest, they are all in scope.
A simple permissioned factory for the deployment of FYToken contracts.
A minor variation on existing oracles to return the exchange rate of a cToken, so that it could be used as collateral.
A variation on existing oracles that allows to combine data from several IOracle contracts on predetermined paths.
A reimplementation of the Timelock pattern, inheriting from AccessControl.sol and implementing batchable transactions.
A variation of the Timelock pattern, in which transactions that revoke permissions are stored so that compromised contracts can be isolated in emergencies.
A reimplementation of Unipool.sol, embedded in an ERC20 contract so that mint automatically stakes, and burn automatically unstakes.
A contract that allows YieldSpace liquidity providers to pool their LP tokens. The strategy swaps all funds to another pool on maturity in a semi-permissionless manner.
Previous Smart Contracts
The contracts that were part of the previous contest had fixes applied, and sometimes significant refactorings.
Cast*.sol (9 sloc each)
The Cast*.sol libraries convert safely between different types. This contract didn't suffer any changes
WDiv.sol (9 sloc)
Fixed point division. This contract didn't suffer any changes
WDivUp.sol (11 sloc)
Fixed point division, rounding up. This contract didn't suffer any changes
WMul.sol (9 sloc)
Fixed point multiplication. This contract didn't suffer any changes
ERC20.sol (84 sloc)
Custom implementation of the ERC20 specifications. Differs from ERC20 standard on when allowances are required and decreased, same as DS-Token.sol. This contract didn't suffer any significant changes, only natspec was added
ERC20Permit.sol (67 sloc)
Extension of ERC20 to accept ERC2612 off-chain approvals. This contract had minor fixes for issues found in the previous contest
SafeERC20Namer.sol (91 sloc)
Produces token descriptors from inconsistent or absent ERC20 symbol implementations that can return string or bytes32 This contract had minor fixes for issues found in the previous contest
TransferHelper.sol (29 sloc)
Adapted from Uniswap & BoringSolidity. Safe transferring of ERC20 tokens and Ether, regardless of reverts or return values. This contract didn't suffer any changes
MinimalTransferHelper.sol (29 sloc)
Adapted from Uniswap & BoringSolidity. Safe transferring of ERC20 tokens, regardless of reverts or return values. This contract didn't suffer any changes
AddressStringUtil.sol (31 sloc)
String utilities. This contract had significant fixes for issues found in the previous contest
RevertMsgExtractor.sol (19 sloc)
Extractor or revert messages from return data. This contract didn't suffer any changes
AccessControl.sol (226 sloc)
Access control contract adapted from OpenZeppelin's AccessControl.sol. A role exists for each function in a contract, and if the
auth modifier is present in a function, access must have been granted by the root account. The privileged account can grant and revoke roles, as well as root privileges.
Root can lock functions, disabling any further changes in their access control, except for existing users renouncing to granted roles.
This contract didn't suffer any changes
Ownable.sol (21 sloc)
Contract to create a single privileged role that can be held by a single address This contract didn't suffer any changes
ChainlinkMultiOracle.sol (89 sloc)
Calls Chainlink aggregators to return the value of an asset amount. Two contracts deployed, one for 18 and one for 8 decimals. This contract had minor improvements applied
UniswapV3Oracle.sol (92 sloc)
Calls Uniswap V3 pools to return the value of an asset amount. One contract deployed. This contract was removed from the scope
CompoundMultiOracle.sol (60 sloc)
Calls Compound cTokens to return the borrowing and lending rate. One contract deployed. This contract had minor improvements applied
Join.sol (121 sloc)
Asset holding. Only privileged accounts or contracts can move assets out of the Join, or ask the Join to take assets. Can serve ERC3156 flash loans. One contract per asset deployed. This contract had minor improvements applied
JoinFactory.sol (67 sloc)
Deployment of Joins. One contract. This contract was heavily refactored to remove the use of CREATE2
FYToken.sol (204 sloc)
ERC20 zero coupon bond, redeemable at maturity for underlying. Calls Join.sol to obtain funds to serve redemptions, and an Oracle to determine the savings rate, which will be applied to redemptions as well. Can be flash minted with no fees following the ERC3156 standard. Numerous contracts deployed. This contract had minor fixes for issues found in the previous contest
Cauldron.sol (416 sloc)
Accounting system for Yield v2. The only external dependencies are towards rate oracles and spot oracles. All transactional functions require privileged access. The main function besides accounting is to reveal whether a vault is collateralized using the
ink * price * ratio >= art * accrual * rate formula.
One contract deployed.
This contract had fixes for issues found in the previous contest, was refactored to remove the possibility of parallel liquidators, and got two helper external view functions added.
Ladle.sol (495 sloc)
Routing and asset management for Yield v2. It has considerable privileges:
- Moves assets in and out of the Joins
- Mints and burns fyToken
- Updates accounting in the Cauldron
- Collects approvals from users for transfers to pools and fyToken
- Calls YieldSpace functions It also implements a batching system to group several calls together. This contract had fixes for issues found in the previous contest, and was refactored to replace the batching system by a simpler one.
LadleStorage.sol (44 sloc)
Storage variables for Ladle, so that Modules can inherit them and align their storage with the Ladle. This contract had minor removals
Governance router. The Wand bundles governance calls into governance actions such as adding an asset or a series. This contract was refactored to allow reorchestrating after deployment, and the use of FYToken and Join factories
Witch.sol (73 sloc)
Liquidations engine, same implementation from Yield v1, refactored. Calls the Ladle to move assets, and the Cauldron to obtain and release control of undercollateralized vaults. This contract was heavily refactored to remove the dependency with Ladle, behave correctly after maturity, and allow different parameters for different collaterals.
Math64x64.sol (693 lines)
ABDK's Math64x64, upgraded to 0.8. Very complex math library, for which only a series of changes were made to use the 0.8 compiler. This file was replaced by the vendor's official version, and is now out of scope.
YieldMath.sol (507 lines)
YieldSpace AMM curve implementation. Same curve implementation from Yield v1. It was refactored to make the math clearer. Uses Math64x64.sol. This file had minor fixes applied.
Pool.sol (613 sloc)
YieldSpace AMM implementation. Refactored from Yield v1, to add a TWAR oracle, single-asset mint and burn, and remove all
transferFrom in favour of keeping track of balances.
This file had minor fixes applied.
PoolFactory.sol (77 sloc)
Deployment of YieldSpace Pools using CREATE2. This file had minor fixes applied.
PoolRouter.sol (142 sloc)
Batching of calls to Pools, along with wrapping/unwrapping of Ether, management of off-chain approvals, and transfers of tokens from users to pools to kickstart transactions. This contract was removed from the scope
Areas of concern
Ladle and Witch suffered significant refactors, and are an area of concern. Among the new contracts, ERC20Rewards and Strategy have a moderate complexity and are liable to hold a large portion of the liquidity in Yield v2