Superform Labs has partnered with Cantina for a unique CTF competition for the Superform Protocol.

Overview

Superform’s CTF competition simulates a live environment of the Superform protocol with real funds on multiple mainnets at once. Superform Labs will deposit its own money into live vaults and security researchers will compete to exploit the protocol.

Competition Details

• December 28th 22:00 UTC to January 11th 22:00 UTC

• $100k+ deposited in Superform contracts during the competition

• Deposits made daily at 15:00 UTC

• Live on Mainnet

• If you can hack it, you can keep it

The Superform Protocol

The Superform Protocol is a suite of non-upgradeable, non-custodial smart contracts that act as a central repository for yield and a router for users. At its core, Superform enables two novel experiences:

1. Developers: Deploy your vault once. Permissionlessly list it on Superform. Access users on all chains.

2. Yield Seekers: Deposit into any vault, on any chain, from any chain, using any token.

The protocol makes yield discovery, execution, and distribution across chains a seamless experience.

• For an overview of the Superform Protocol, read more here.

• For a deep dive into the Superform Protocol, read our developer docs here.

• For a look at the code behind the CTF, check out our github here.

Planting The Flags

Starting December 28th, the Superform Protocol will be deployed on Avalanche, BNB Chain, and Polygon. Deposits will be made into 3 vaults on each chain for a total of 9 vaults. Deposits will be made into 3 vaults daily in tranches of $2.5k at 15:00 UTC until all deposits have been made.

The goal is to steal the ERC4626 shares held in Superform Protocol’s Superform contracts and tokens in transit from chain to chain. If stolen, the security researcher can keep the bounty in the vault. Users may do this via any protocol action — creating new Superforms, depositing/withdrawing from the protocol into vaults themselves via our contracts, etc.

Resources:

• Superform V1 Deployments: https://docs.superform.xyz/resources/deployment-addresses

• Superform Addresses with Deposits: https://docs.superform.xyz/resources/ctf-competition-deposit-addresses

Superform App

Security researchers will have access the the Superform App. You may use the app to better understand how Superform works, however, we cannot prevent any deposited funds from being exploited by another researcher. All deposits are at risk in this competition, including yours. The app is still in active development, and there are some bugs. Funds may be lost or stuck, so if you are going to make deposits we recommend keeping them small. If you run into any issues feel free to chat with us using the “Talk to Us” button on the app.

How to Participate:

1. Join the Cantina Platform: DM @CantinaBouncer or @superformxyz on X to get an invitation

2. Add your wallet address to your Cantina profile

3. Join the Cantina Discord to ask questions

4. Try out the App and hack the contracts on Mainnet!

To connect with the Superform Labs team, follow @superformxyz on X or join the Superform Discord.