Contest ran 9 September 202212 September 2022

3 day contest

FEI and TRIBE Redemption contest

A new DeFi primitive that allows any token to become productive and provide FEI liquidity at no cost to the markets that need it most.

$42,000 USDC

Total Awards

FEI and TRIBE Redemption Contest Details

Setup Instructions and Codebase Overview:

Setup TLDR:

# Install dependencies:
npm install && npm run setup:forge
# Allocate additional ram for Hardhat/Node*:
export NODE_OPTIONS=--max-old-space-size=6144
# Build and compile contracts (both via hardhat *and* forge) and generate types: 
npm run build
# Run forge tests: 
npm run test
# Run hardhat tests (takes >10min and may need a prior `export NODE_OPTIONS=--max-old-space-size=8192` to avoid an out of memory error): 
npm run test:hardhat

* do not allocate more RAM in megabytes than your computer has, or this will fail

To Run Slither:

slither --solc-remaps '@openzeppelin/=node_modules/@openzeppelin/ @chainlink/=node_modules/@chainlink/ @uniswap/=node_modules/@uniswap/ @rari-capital/=node_modules/@rari-capital/ @orcaprotocol/=node_modules/@orcaprotocol/ @ensdomains/=node_modules/@ensdomains/ @gnosis.pm/=node_modules/@gnosis.pm/ ds-test/=contracts/test/libs/forge-std/lib/ds-test/src/ forge-std/=contracts/test/libs/forge-std/src/' contracts/pcv/PCVGuardian.sol ./contracts/contract/you-want-to-test.sol

Contracts in Scope

Scope Table

| File                                                                   | nLines |
|------------------------------------------------------------------------|--------|
| contracts/peg/SimpleFeiDaiPSM.sol                                      | 103    |
| contracts/shutdown/fuse/RariMerkleRedeemer.sol                         | 218    |
| contracts/shutdown/fuse/MerkleRedeemerDripper.sol                      | 29     |
| contracts/shutdown/redeem/TribeRedeemer.sol                            | 73     |
| Totals                                                                 | 423    |

All other contracts are **not in scope**.

Note 1: For the RariMerkleRedeemer & MerkleRedeemerDripper contracts, please see the readme here for additional information.

Note 2: For each contract, thare are unit and integration tests linked below. There also exist some tests in the "verification" step of the dao vote which that contract corresponds to; these tests are executed when the DAO vote is simulated as part of the integration test setup.

RariMerkleRedeemer

  • sLoC: ~150
  • External contracts called: FEI ERC-20 token, Fuse cTokens
  • Libraries: OpenZeppelin

This contract performs a "merkle swap" between Fuse cTokens and FEI at a pre-determined exchange rate per cToken up to a configured cap per address in the merkle root. There is one merkle root and one exchange rate per cToken. The merkle nodes contain the user address and amount of cTokens which can swap for FEI.

Only EOA addresses will be listed in the merkle nodes, as addresses also need to perform an ECDSA signature on a message to claim the swap.

It should be impossible to claim any assets from the Merkle Redeemer unless included in the merkle tree. It should be impossible to redeem without signing the message. Users with outstanding borrows on Fuse should not be able to claim in full until paying off their debt (cTokens prevent transfers when actively used as collateral for a borrow). All EOA users in the merkle tree should be able to claim in full assuming they have the cTokens, no borrows against them, and the contract is funded.

Tooling for creating merkle trees can be found in scripts/shutdown/, and documentation for this tooling can be found in this readme.

Test info:

MerkleRedeemerDripper

  • sLoC: ~10 (with ~200 in inheritance chain)
  • External contracts called: FEI ERC-20 token, Fei Protocol Core ACL

This contract is intended to drip FEI into the immutable RariMerkleRedeemer contract as a security/rate limiting mechanism. In the event of an unlikely issue, the dripper can be paused making the maximum attack surface the funds in the RariMerkleRedeemer.

Test info:

  • See verification step of TIP-121b for all tests for this contract.
  • For unit tests of the ERC20Dripper that it inherits from, see here
  • For integration tests of the ERC20Dripper that it inherits from, see here

SimpleFeiDaiPSM

  • sLoC: ~75
  • External contracts called: FEI and DAI ERC-20 token
  • Libraries: OpenZeppelin

This contract is intended to be an immutable FEI-DAI wrapper (like WETH:ETH) which allows 1:1 minting and redemption. This contract should stay synced between the FEI and DAI supplies after each call to burnFeiHeld(), assuming it is seeded with enough DAI to match the circulating supply.

Note 1: The contract uses the same abi as other PSMs in fei protocol, with some null and no-op functionality for completeness.

Note 2: Some FEI in existence is "protocol owned" and would be sent directly to this contract to be burned, and not backed by DAI. Hence the burnFeiHeld()

Test info:

TribeRedeemer

  • sLoC: ~50
  • External contracts called: FEI, DAI, stETH, FOX, LQTY ERC-20 tokens
  • Libraries: OpenZeppelin

Intended to redeem TRIBE from the effective circulating supply in exchange for a pro rata portion of a list of ERC-20 tokens.

Test info: