YieldBasis is a Curve-native AMM that eliminates impermanent loss by keeping LP positions at constant L=2 leverage and auto-releveraging them via a dedicated AMM.
Scope
On what chains are the smart contracts going to be deployed?
Ethereum Mainnet
If you are integrating tokens, are you allowing only whitelisted tokens to work with the codebase or any complying with the standard? Are they assumed to have certain properties, e.g. be non-reentrant? Are there any types of weird tokens you want to integrate?
The contract is supposed to work with standard ERC20 tokens and non-standard ERC20 Bitcoin wrappers, which will be paired with crvUSD.
Are there any limitations on values set by admins (or other roles) in the codebase, including restrictions on array lengths?
Owner is the DAO (trusted, has a delay due to voting time).
Are there any limitations on values set by admins (or other roles) in protocols you integrate with, including restrictions on array lengths?
No
Is the codebase expected to comply with any specific EIPs?
Gauge is expected to comply with ERC4626
Are there any off-chain mechanisms involved in the protocol (e.g., keeper bots, arbitrage bots, etc.)? We assume these mechanisms will not misbehave, delay, or go offline unless otherwise specified.
Off-chain mechanism is arbitrage (e.g. unrestricted)
What properties/invariants do you want to hold even if breaking them has a low/unknown impact?
https://github.com/yield-basis/yb-paper/blob/master/leveraged-liquidity-paper.pdf
Eq. 14 is the invariant, which stays constant while the price oracle is constant:
(x0 - d)*y = const
Please discuss any design choices you made.
Please provide links to previous audits (if any) and all the known issues or acceptable risks.
Link to previous audits: https://docs.yieldbasis.com/user/audits-bug-bounties
Please list any relevant protocol resources.
Additional audit information.
The most important files are AMM.vy and LT.vy, as well as dao/LiquidityGauge.vy, since an error in any of them can block funds. Otherwise, all .vy files (excluding LT-Restricted.vy) in contracts/ and contracts/dao are in scope.
To test the codebase, first install Poetry:
curl -sSL https://install.python-poetry.org | python3 -
or, on a Mac with Homebrew:
brew install poetry
Then install the dependencies and run the tests:
poetry install
poetry run pytest
Additionally, you can install PyPy instead of Python (and use a virtual env with it).
In that case, run this instead:
poetry run pytest -n <number of cores> --forked
Set the number of cores to match your own machine; running the tests in parallel speeds this up significantly.
Total Rewards
Contest Pool
Lead Senior Watson
Lead Judge
115,300 USDC
18,000 USDC
9,000 USDC