- $71,250 USDC main award pot
- $3,750 USDC gas optimization award pot
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts July 26, 2022 20:00 UTC
- Ends August 01, 2022 20:00 UTC
yarn install
npx hardhat compile
npx hardhat test
·----------------------------------------------|---------------------------|-------------|-------------------------------------·
| Solc version: 0.8.11 · Optimizer enabled: true · Runs: 200 · Block limit: 9007199254740991 gas │
···············································|···························|·············|······································
| Methods │
······················|························|·············|·············|·············|···················|··················
| Contract · Method · Min · Max · Avg · # calls · eur (avg) │
······················|························|·············|·············|·············|···················|··················
| ERC1155Mock · setApprovalForAll · 46213 · 46225 · 46223 · 20 · - │
······················|························|·············|·············|·············|···················|··················
| ERC721Mock · mint · - · - · 90772 · 20 · - │
······················|························|·············|·············|·············|···················|··················
| ERC721Mock · setApprovalForAll · 46168 · 46180 · 46178 · 20 · - │
······················|························|·············|·············|·············|···················|··················
| GolomToken · executeSetMinter · - · - · 47798 · 9 · - │
······················|························|·············|·············|·············|···················|··················
| GolomToken · mint · - · - · 120177 · 1 · - │
······················|························|·············|·············|·············|···················|··················
| GolomToken · mintAirdrop · - · - · 142282 · 2 · - │
······················|························|·············|·············|·············|···················|··················
| GolomToken · mintGenesisReward · - · - · 142260 · 8 · - │
······················|························|·············|·············|·············|···················|··················
| GolomToken · setMinter · 34134 · 68334 · 54652 · 10 · - │
······················|························|·············|·············|·············|···················|··················
| GolomTrader · fillAsk · 238141 · 241948 · 241397 · 7 · - │
······················|························|·············|·············|·············|···················|··················
| GolomTrader · setDistributor · 46281 · 70449 · 47432 · 21 · - │
······················|························|·············|·············|·············|···················|··················
| RewardDistributor · addVoteEscrow · - · - · 28462 · 6 · - │
······················|························|·············|·············|·············|···················|··················
| RewardDistributor · executeAddVoteEscrow · - · - · 29954 · 6 · - │
······················|························|·············|·············|·············|···················|··················
| Deployments · · % of limit · │
···············································|·············|·············|·············|···················|··················
| ERC1155Mock · - · - · 1482781 · 0 % · - │
···············································|·············|·············|·············|···················|··················
| ERC20Mock · - · - · 496811 · 0 % · - │
···············································|·············|·············|·············|···················|··················
| ERC721Mock · - · - · 1210377 · 0 % · - │
···············································|·············|·············|·············|···················|··················
| GolomToken · - · - · 1998674 · 0 % · - │
···············································|·············|·············|·············|···················|··················
| GolomTrader · - · - · 2013842 · 0 % · - │
···············································|·············|·············|·············|···················|··················
| RewardDistributor · 2379507 · 2379543 · 2379537 · 0 % · - │
···············································|·············|·············|·············|···················|··················
| WETH · - · - · 572761 · 0 % · - │
·----------------------------------------------|-------------|-------------|-------------|-------------------|-----------------·
28 passing (10s)
| File | nSLOC | Lines |
|---|---|---|
| Contracts (5) | ||
| contracts/governance/GolomToken.sol | 42 | 73 |
| contracts/vote-escrow/VoteEscrowDelegation.sol | 137 | 263 |
| contracts/rewards/RewardDistributor.sol | 218 | 316 |
| contracts/core/GolomTrader.sol | 298 | 462 |
| contracts/vote-escrow/VoteEscrowCore.sol | 596 | 1237 |
| Libraries (1) | ||
| contracts/vote-escrow/TokenUriHelper.sol | 116 | 149 |
| Total (over 6 files): | 1407 | 2500 |
| File | nSLOC | Lines |
|---|---|---|
| Contracts (4) | ||
| contracts/governance/Timlock.sol | 103 | 155 |
| contracts/core/Emitter.sol | 130 | 150 |
| contracts/rewards/GolomAirdrop.sol | 150 | 207 |
| contracts/governance/GovernerBravo.sol | 301 | 472 |
| Total (over 4 files): | 684 | 984 |
- @openzeppelin/contracts/access/Ownable.sol
- @openzeppelin/contracts/security/Pausable.sol
- @openzeppelin/contracts/security/ReentrancyGuard.sol
- @openzeppelin/contracts/token/ERC1155/IERC1155.sol
- @openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol
- @openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol
- @openzeppelin/contracts/token/ERC721/IERC721.sol
- @openzeppelin/contracts/utils/cryptography/MerkleProof.sol
- @openzeppelin/contracts/utils/math/SafeMath.sol
- hardhat/console.sol
Description:
This contract acts as the NFT trade matcher with 3 different functions for the 3 different ordertypes, ordertype 0 for filling ask for NFT, 1 for filling bid of an NFT, 2 for filling bid of any NFT from a particular collection ensuring that the supplied proof demonstrates inclusion of the tokenId in the associated merkle root, if root is 0, then any token can be used to fill the order. After filling RewardDistributor, contract is called for saving fees generated by each address and distributing rewards.
Types of reward distribution:
- Golom rewards for Traders selling NFT and exchanges that created the signed orders
- Inflationary Golom rewards and fee rewards for Vote-escrowed Golom stakers
How rewards are calculated.
- Vote escrowed staked golom (described below) are entitled to all ether fees stored in
epochTotalFeeas well as inflationary golom rewards (calculated asuint256 stakerReward = (tokenToEmit * rewardToken.balanceOf(address(ve))) / rewardToken.totalSupply();) pro-rata to their power - Sellers of NFT per epoch are entitiled to
rewardTrader[epoch]rewards of each epoch pro-rata to the fees - Exchange addresses that creates the orders are entitiled to
rewardExchange[epoch]rewards of each epoch pro-rata to the fees - All ether collected on this contract before
startTimeis stored as fees inepochTotalFeemapping of epoch 0 and given to Vote-escrowed stakers - Contract also mints daily golom token based on https://docs.golom.io/emissions with
dailyEmissionbeing 600,000 tokens
This contract inherits VoteEscrowCore.sol which is a fork of Andre's solidly project (https://github.com/solidlyexchange/solidly/blob/master/contracts/ve.sol) and implements delegation for upgrading other contracts by voting.
Solidly is a fork of curve voting mechanism which makes each lock as an NFT and allows it to be freely transferable.
This contract emits any valid signed order as an indexed event for easy querying. This contract will be deployed on polygon.
https://github.com/lucash-dev/audits/blob/main/golom_audit1_updated.pdf
Contracts in scope: 6
SLOC: 1407
Libraries: -
External calls: -
Oracle: No
Oracle description:
Token is ERC20? Yes
Novel/unique curve logic or math: curve locking, staking logic forked from curve
Timelock: Yes
NFT: Yes
AMM: No
Fork of another project? Yes
Customizations to forked project: Staking forked
Use rollups: No
Is multichain: No
Uses sidechain: No
Sidechain is EVM compatible: No
Will participants need to understand other portions of the code/project? no