Malda is a Unified Liquidity Lending protocol on Ethereum and Layer 2s, delivering a seamless lending experience through global liquidity pools, all secured by zkProofs.
Scope
On what chains are the smart contracts going to be deployed?
Ethereum, Base, Linea, Optimism, Unichain, Arbitrum.
If you are integrating tokens, are you allowing only whitelisted tokens to work with the codebase or any complying with the standard? Are they assumed to have certain properties, e.g. be non-reentrant? Are there any types of weird tokens you want to integrate?
Tokens at launch:
Stables: USDC, USDT, USDS
Bluechips: wBTC, wETH
LSTs: wstETH, weETH, ezETH, wrsETH/rsETH on mainnet
Post-launch:
Stables: USDe, sUSDe
Others: Lombard BTC, fiammaBTC, ARB, OP, LINEA, GMX, ZKC (Boundless Token), AERO
Are there any limitations on values set by admins (or other roles) in the codebase, including restrictions on array lengths?
Owner is trusted
Sequencer is semi-trusted - It is trusted to maintain volume control and monitor the underlying chains for security. It can only execute UserOps based on zkProofs
Rebalancer is semi-trusted - Rebalancer only has DDOS abilities for the protocol via constant rebalancing. It cannot transfer user funds
Pauser is trusted
If the Sequencer or Rebalancer can use access-restricted functions they shouldn't be able to (based on the role explanation above), it may be considered a valid issue if it has Medium or High impact.
Are there any limitations on values set by admins (or other roles) in protocols you integrate with, including restrictions on array lengths?
No
Is the codebase expected to comply with any specific EIPs?
No
Are there any off-chain mechanisms involved in the protocol (e.g., keeper bots, arbitrage bots, etc.)? We assume these mechanisms will not misbehave, delay, or go offline unless otherwise specified.
Liquidators - Expected to liquidate positions like in other lending protocols
Sequencer (Centralized) - Expected to deliver proofs and execute UserOps via those proofs for all multichain interactions
Rebalancer (Centralized) - Expected to maintain liquidity across all deployments by rebalancing liquidity predicted by demand
What properties/invariants do you want to hold even if breaking them has a low/unknown impact?
No
Please discuss any design choices you made.
Sequencer - We chose to implement a centralized sequencer design that executes cross-chain actions without waiting for full L1 finality for rollups. This design gives users lower latency while maintaining additional security checks that are not feasible to program into a zk-proof with current ZK technology.
Please provide links to previous audits (if any) and all the known issues or acceptable risks.
Please list any relevant protocol resources.
Additional audit information.
Here's the config for testing on testnet:
{
  "Core Contracts": {
    "linea_sepolia": {
      "Deployer contract": "0x7aFcD811e32a9F221B72502bd645d4bAa56a375a",
      "Roles(Rbac)": "0x3dc52279175EE96b6A60f6870ec4DfA417c916E3",
      "ZkVerifier": "0xF3CA3C7018eA139E8B3969FF64DafDa8DF946B31",
      "BatchSubmitter": "0xC03155E29276841Bc5D27653c57fb85FA6043C65",
      "GasHelper": "0x3aE44aC156557D30f58E38a6796336E7eD0A3fC1",
      "RewardDistributor implementation": "0x5D88bbd2c635277C39cAcC773dd2cdFbA7890f2c",
      "RewardDistributor": "0x837D67e10C0E91B58568582154222EDF4357D58E",
      "MixedPriceOracleV4": "0xAc028838DaF18FAD0F69a1a1e143Eb8a29b04904",
      "Operator implementation": "0x0B6d9A4FEd6516FFe871dbB9BF9166420f92b3E9",
      "Operator proxy": "0x389cc3D08305C3DaAf19B2Bf2EC7dD7f66D68dA8",
      "Pauser": "0x4EC99a994cC51c03d67531cdD932f231385f9618"
    },
    "op_sepolia": {
      "Deployer contract": "0x7aFcD811e32a9F221B72502bd645d4bAa56a375a",
      "Roles(Rbac)": "0x3dc52279175EE96b6A60f6870ec4DfA417c916E3",
      "ZkVerifier": "0xF3CA3C7018eA139E8B3969FF64DafDa8DF946B31",
      "BatchSubmitter": "0xC03155E29276841Bc5D27653c57fb85FA6043C65",
      "GasHelper": "0x3aE44aC156557D30f58E38a6796336E7eD0A3fC1",
      "Pauser": "0x4EC99a994cC51c03d67531cdD932f231385f9618"
    },
    "sepolia": {
      "Deployer contract": "0x7aFcD811e32a9F221B72502bd645d4bAa56a375a",
      "Roles(Rbac)": "0x3dc52279175EE96b6A60f6870ec4DfA417c916E3",
      "ZkVerifier": "0xF3CA3C7018eA139E8B3969FF64DafDa8DF946B31",
      "BatchSubmitter": "0xC03155E29276841Bc5D27653c57fb85FA6043C65",
      "GasHelper": "0x3aE44aC156557D30f58E38a6796336E7eD0A3fC1",
      "Pauser": "0x4EC99a994cC51c03d67531cdD932f231385f9618"
    }
  },
  "Market Contracts": {
    "linea_sepolia": {
      "mUSDCMock": {
        "HostImplementation": "0xC0878EB12e0712031fD1961970f7Cc65546792E4",
        "HostProxy": "0x76daf584Cbf152c85EB2c7Fe7a3d50DaF3f5B6e6"
      },
      "mwstETHMock": {
        "HostImplementation": "0xB5e829DBE2DF8aC2ee7e6A50Cbc2105960BadE00",
        "HostProxy": "0xD4286cc562b906589f8232335413f79d9aD42f7E"
      }
    },
    "op_sepolia": {
      "mUSDCMock": {
        "ExtensionImplementation": "0x0842B40d66F6cA95Fc3b512B71Bb2267Ee89d851",
        "ExtensionProxy": "0x76daf584Cbf152c85EB2c7Fe7a3d50DaF3f5B6e6"
      },
      "mwstETHMock": {
        "ExtensionImplementation": "0x1C2E16780760256e247F228Ea43C9E44fE43cAEd",
        "ExtensionProxy": "0xD4286cc562b906589f8232335413f79d9aD42f7E"
      }
    },
    "sepolia": {
      "mUSDCMock": {
        "ExtensionImplementation": "0x0842B40d66F6cA95Fc3b512B71Bb2267Ee89d851",
        "ExtensionProxy": "0x76daf584Cbf152c85EB2c7Fe7a3d50DaF3f5B6e6"
      },
      "mwstETHMock": {
        "ExtensionImplementation": "0x1C2E16780760256e247F228Ea43C9E44fE43cAEd",
        "ExtensionProxy": "0xD4286cc562b906589f8232335413f79d9aD42f7E"
      }
    }
  }
}
Total Rewards
Contest Pool
Lead Senior Watson
Lead Judge
42,000 USDC
25,000 USDC
10,000 USDC