Superform’s First Security Competition, Hosted by Cantina

Superform

0x0E24

November 24th, 2023

Superform Labs has partnered with Cantina for a security review code competition of the Superform Protocol.

Competition Details

November 27th 20:00 UTC to December 11th 20:00 UTC
$140k total prize pool
5500 sLOC

The Superform Protocol

The Superform Protocol is a suite of non-upgradeable, non-custodial smart contracts that act as a central repository for yield and a router for users. At its core, Superform enables two novel experiences:

Developers: Deploy your vault once. Permissionlessly list it on Superform. Access users on all chains.
Yield Seekers: Deposit into any vault, on any chain, from any chain, using any token.

The protocol makes yield discovery, execution, and distribution across chains a seamless experience.

For an overview of the Superform Protocol, read more here.
For a deep dive into the Superform Protocol, read our developer docs here.

The Scope

The scope includes 5,250 nSLOC in superform-core and 250 nSLOC in an extension to ERC1155: ERC1155A.

Superform Core: /src/ folder of: https://github.com/superform-xyz/superform-core
ERC1155A: https://github.com/superform-xyz/ERC1155A

Out of Scope

Anything in src/vendor & exploits concerning the inappropriate behavior of keeper roles, see Github.
Findings in previous audits, see Github.

Prize Distribution and Scoring

The $140k prize distribution works as follows:

Security reviewers will score points for each finding.
Prizes are distributed proportionally to the number of points scored.
A High is worth 10 points, a Medium 3 points, and Low / Gas Optimization 1 point.
Duplicate findings will be resolved using a scoring formula that incentivizes unique findings.
$130k of the prize pot is reserved for High / Medium findings that will be ranked and awarded on a curve.
$10k of the prize pot is reserved for Low / Gas Optimization findings that will be ranked and awarded on a curve.

All details on the scoring formula will be available on the Cantina competition page before going live. Cantina is also hosting a live code walkthrough in Discord, Monday the 27th at 15:00 UTC.

Remember, you need an invitation to join the Superform security competition. Reach out to @CantinaBouncer or @superformxyz on X to get an invitation.

To stay up to date with Superform and the competition, follow @superformxyz on X or join the Superform Discord.

Subscribe to Superform

Receive the latest updates directly to your inbox.

Mint this entry as an NFT to add it to your collection.

Verification

This entry has been permanently stored onchain and signed by its creator.

Arweave Transaction

mpTWRHG3vXTEus5…tnDpt1LG_Sns3U8

Author Address

0x0E24b0F342F0344…AD1a7653cBd85e9

Content Digest

jiGqawdappxoGmj…wOgoXTjA0bd4Xco