没有合适的资源?快使用搜索试试~ 我知道了~
Code Assessment of Liquidations 2.0 Smart Contracts
需积分: 5 0 下载量 61 浏览量
2023-10-27
01:41:44
上传
评论
收藏 657KB PDF 举报
温馨提示
试读
23页
First and foremost we would like to thank the Maker Foundation for giving us the opportunity to assess the current state of their Liquidations 2.0 system. This document outlines the findings, limitations, and methodology of our assessment. Initially, our code assessment resulted in a number of findings regarding security and correctness. After the submission of the intermediate reports all findings have been resolved. These have been marked accordingly and can be found in the Resolved Findings s
资源推荐
资源详情
资源评论
PUBLIC
Code Assessment
of Liquidations 2.0 Smart Contracts
April 16, 2020
Produced for
by
1 Executive Summary
First and foremost we would like to thank the Maker Foundation for giving us the opportunity to assess
the current state of their Liquidations 2.0 system. This document outlines the findings, limitations, and
methodology of our assessment.
Initially, our code assessment resulted in a number of findings regarding security and correctness. After
the submission of the intermediate reports all findings have been resolved. These have been marked
accordingly and can be found in the Resolved Findings section.
We hope that this assessment provides valuable findings as well as more insight into the current
implementation. We are happy to receive questions and feedback to improve our service and are highly
committed to further support your project.
Yours sincerely,
ChainSecurity Team
1.1 Overview of the Findings
Below we provide a brief numerical overview of the findings and how they have been addressed.
Critical
-Severity Findings 0
High
-Severity Findings 0
Medium
-Severity Findings 4
•
Code Corrected
2
•
Specification Changed
2
Low
-Severity Findings 6
•
Code Corrected
5
•
Specification Changed
1
Maker Foundation - Liquidations 2.0 - ChainSecurity
3
2 Assessment Overview
In this section we briefly describe the overall structure and scope of the engagement including the code
commit which is referenced throughout this report.
2.1 Scope
The general scope of the assessment is set out in our engagement letter with Maker Foundation dated
February 5, 2020. The assessment was performed on the source code files inside the Liquidations 2.0
repository based on the documentation files. The table below indicates the code versions relevant to this
report and when they were received.
V Date Commit Hash Note
1 26 January 2021 c8a134429192a089bed6cc65ae8b73203fbb8374 Initial Version
2 4 March 2021 a4759e9d81ffb035fca5512a3f524e73923ac7bb Version 2
3 21 March 2021 8ac41f0e6505352858deb88db9ac524346ac9e45 Version 3
The solidity smart contracts are expected to be compiled using compiler version 0.6.11. After the
intermediate report, the expected compiler version was changed to 0.6.12.
In scope for this review is the new Liquidation 2.0 system only consisting of contracts defined in
dog.sol, clip.sol and abaci.sol. Furthermore, the newly added snip function inside end.sol is
in scope.
The documentation describing the changes for Liquidation 2.0 can be found at:
https://github.com/makerdao/mips/blob/master/MIP45/mip45.md
The relevant documentation commit is: 3131664668f06b5046d052dcdf0b62fea9b66e69
2.1.1 Excluded from scope
All contracts in files not explicitly listed above.
The correct choice of the parameters is out of scope of this review. A parallel engagement took place that
was tasked to determine the correct parameters based on economic simulations.
Maker Foundation - Liquidations 2.0 - ChainSecurity
4
3 System Overview
Version 1
This system overview describes the initially received version ( ) of the contracts as defined in the
Assessment Overview.
Liquidations 2.0 for multi collateral DAI has been developed to mitigate uncovered shortcomings in the
previous liquidation system. The most notable change from the previous version is the move from English
to Dutch style auctions. The resulting single block composability allows anyone to participate in the
liquidation without capital constraints by leveraging flash-loans. Contrary to the old system, partial
liquidations no longer exists except under special circumstances. Keepers, responsible to initiate the
liquidation of undercollateralized vaults have no first mover advantage anymore in the auction, hence a
new incentive scheme has been introduced.
3.1 Contracts
The liquidation 2.0 system consists of following deployed contracts: One shared Dog responsible for the
vault liquidations and multiple Clip contracts handling the auctions, one for each collateral. Further
contracts implementing the AbacusLike interface determine the price evolution during an ongoing
auction.
3.1.1 Vault Liquidation - Dog.sol
Replaces the Cat contract of the old liquidation system.
In the context of the Maker protocol, a liquidation is the seizure of collateral from an insufficiently
collateralized vault. During this process, the vault's debt is transferred to the protocol. An auction is
started immediately to sell the collateral for DAI in an attempt to cancel out the debt now assigned to the
protocol.
In Dog.bark(), the liquidation function takes all debt (different than before) and initiates the auction by
calling kick() on the respective auction contract of this collateral type.
Several conditions must be met for a liquidation:
• The Dog contract must be live.
• The vault to be liquidated must be undercollateralized.
• The current liquidation amount of this collateral type must be below a certain limit.
• The global total liquidation amount of all collaterals must be below a certain limit.
This prevents liquidation of too much collateral at once which could lead to price fluctuations of DAI.
Additionally, allows to account for collaterals with limited liquidity.
• The auction contract for this collateral must accept new auctions.
The Dog contract has the following operational modes:
• live == 1 - Status after deployment, system is active
• live == 0 - System has been frozen after execution of cage(). No new liquidations can be
initiated.
3.1.1.1 Special cases
Partial Liquidations: As the total amount of debt in active auctions cannot exceed either the global
Hole or the per collateral ilk.hole a vault may only be liquidated partially.
Dust: Neither can vaults be left in a dusty state after a partial liquidation nor can auctions for partial
liquidations be initiated below the dust amount.
Maker Foundation - Liquidations 2.0 - ChainSecurity
5
剩余22页未读,继续阅读
资源评论
FeelTouchLabs
- 粉丝: 1w+
- 资源: 78
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功