Archi Bank
Information on Archi Bank’s Bug Bounty.
Details
Prior to the release of Archi Bank—the DeFi loan protocol—a bug bounty on the contract code will be carried out.
Date: September 15 - September 27
Existing conditions
It must be an issue related to the code and not the operation.
Winnings: 1 million CAT (equivalent to 60 million KRW at the current market price)
400,000 CAT, 2 People: Discovery of a bug that is at the level capable of money theft.
It must not be the same problem that can occur in Compound or Inverse Finance— and must be reproducible in the distributed contract.
If it is a bug for the same logic as Compound or Inverse Finance, it should be reproducible in Compound or Inverse Finance.
50,000 CAT, 2 People. 20,000 CAT, 5 People.
Differential payment according to the severity of the bug
Announcement of Winner(s): September 30
Communication Channel
Advice
Compound and Inverse Finance are services that have been in operation for a long time and have not yet been hacked. It may be advantageous to focus on changes to increase your chances of winning a prize in this situation.
Dealing With Trouble
By posting to the community and listening to the public opinions—apply the suggestion of an authoritative expert when there are few community participants.
Contract Code
The Archi Bank contract code forked the anchor of Inverse Finance—which forked Compound.
The following changes were made.
Comptroller
A method of directly using the final version of Comptroller was used to prevent upgrading.
Removed Unitroller Contract
Removed the contract from the previous version of Comtroller.
Made it possible to avoid direct payment of Governance tokens
Removed codes related to COMP and INV
Removed contracts related to Governance
Removed the verify function with no rendering
Changed return error code to require, proposedly caused the contract to fail
CToken
Erc20 tokens only used CErc20Immutable contract
Removed contracts related to other Erc20
JumpRateModelV2
Only used JumpRateModelV2 for the interest model, removed other interest model contracts
Archi Swap Oracle
Wrote price feeds and oracles using Archi Swap prices
ArchiSwapOracle
Keep3rV2Oracle Refer
ArchiSwapTokenFeed
InvFeed Refer
The code can be downloaded from the following link.
* The contract addresses that were distributed as tests were deleted since the participants were able to execute the contract function during testing.
Result
Defect severity leading to money theft or bugs that were at the level worthy enough to be awarded for was not found.
Last updated