Archi Bank

Details

Prior to the release of Archi Bank—the DeFi loan protocol—a bug bounty on the contract code will be carried out.

• Date: September 15 - September 27

• Existing conditions

  • It must be an issue related to the code and not the operation.

• Winnings: 1 million CAT (equivalent to 60 million KRW at the current market price)

  • 400,000 CAT, 2 People: Discovery of a bug that is at the level capable of money theft.

    • It must not be the same problem that can occur in Compound or Inverse Finance— and must be reproducible in the distributed contract.

    • If it is a bug for the same logic as Compound or Inverse Finance, it should be reproducible in Compound or Inverse Finance.

  • 50,000 CAT, 2 People. 20,000 CAT, 5 People.

    • Differential payment according to the severity of the bug

• Announcement of Winner(s): September 30

• Communication Channel

  • Cripto Archi Finance Telegram Group

• Advice

  • Compound and Inverse Finance are services that have been in operation for a long time and have not yet been hacked. It may be advantageous to focus on changes to increase your chances of winning a prize in this situation.

• Dealing With Trouble

  • By posting to the community and listening to the public opinions—apply the suggestion of an authoritative expert when there are few community participants.

Contract Code

• The Archi Bank contract code forked the anchor of Inverse Finance—which forked Compound.

  • https://github.com/InverseFinance/anchor

• The following changes were made.

  • Comptroller

    • A method of directly using the final version of Comptroller was used to prevent upgrading.

      • Removed Unitroller Contract

      • Removed the contract from the previous version of Comtroller.

    • Made it possible to avoid direct payment of Governance tokens

      • Removed codes related to COMP and INV

      • Removed contracts related to Governance

    • Removed the verify function with no rendering

    • Changed return error code to require, proposedly caused the contract to fail

  • CToken

    • Erc20 tokens only used CErc20Immutable contract

      • Removed contracts related to other Erc20

  • JumpRateModelV2

    • Only used JumpRateModelV2 for the interest model, removed other interest model contracts

  • Archi Swap Oracle

    • Wrote price feeds and oracles using Archi Swap prices

      • ArchiSwapOracle

        • Keep3rV2Oracle Refer

      • ArchiSwapTokenFeed

        • InvFeed Refer

• The code can be downloaded from the following link.

  • https://github.com/smarteasy/archibank

* The contract addresses that were distributed as tests were deleted since the participants were able to execute the contract function during testing.

Result

Defect severity leading to money theft or bugs that were at the level worthy enough to be awarded for was not found.