Velodrome contest details
- $71,250 USDC main award pot
- $3,750 USDC gas optimization award pot
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts May 23, 2022 20:00 UTC
- Ends May 30, 2022 19:59 UTC
Contest Scope
Native Token
Velo.sol
(62 lines)VotingEscrow.sol
(868 lines, lib: Base64)
Pair
Pair.sol
(416 lines, lib: Math)PairFees.sol
(23 lines)factories/PairFactory.sol
(82 lines)Router.sol
(370 lines, lib: Math)VelodromeLibrary.sol
(89 lines)
Emissions
RewardsDistributor.sol
(260 lines, lib: Math)Minter.sol
(111 lines; lib: Math)
Voting
Gauge.sol
(545 lines, lib: Math)factories/GaugeFactory.sol
(26 lines)Bribe.sol
(85 lines)factories/BribeFactory.sol
(9 lines)Voter.sol
(304 lines, lib: Math)
Governance
VeloGovernor.sol
(50 lines, lib: L2Governor governance)
Redemption (WeVE -> VELO)
redeem/RedemptionSender.sol
(44 lines, lib: LayerZero)redeem/RedemptionReceiver.sol
(99 lines, lib: LayerZero)
New Formula
The only new formula we introduce is for the emissions schedule:
$\frac{1}{2} * weekly * (\frac{veTotal}{veloTotal})^3$
where
$veTotal$ is the total locked supply of VELO and
$veloTotal$ is the total supply of VELO
ERC-20 Standard
VELO is the native token of Velodrome and does conform to the ERC-20 standard
Our Unique Approach
Gauges/Bribes/Voting
- Staggered epoch for Gauges/Bribes to ensure rewards go to the right people
- Added Compound-style weighted NFT governance for killing "bad" gauges. This governance uses block.timestamp instead of block.number because it's on an L2
- Removed veNFT "boost" for LP staking
- Gauges can be added for any address for emergency DAO
- Removed negative voting
Emissions
- Updated emissions schedule
- Added core team emissions
Pair
- Variable fees for stable/volatile pairs
Distribution
- Added two "redemption" contracts for WeVE (veDAO token) -> VELO+USDC which uses LayerZero
Areas of Concern
As we're not changing any of the core swap logic, the bulk of our security concerns relate to the native token emissions, governance, and distribution:
Gauge.sol
andBribe.sol
, which introduce new logic related to how external bribes and voting workVotingEscrow.sol
, which adds compatibility with OZ/Comp-style governance tools like TallyRedemptionSender.sol
andRedemptionReceiver.sol
which both use LayerZero for cross-chain messaging