If you notice some outdated information please let us know!
FAIL
The final review score is indicated as a percentage. The percentage is calculated as Achieved Points due to MAX Possible Points. For each element the answer can be either Yes/No or a percentage. For a detailed breakdown of the individual weights of each question, please consult this document.
Very simply, the audit looks for the following declarations from the developer's site. With these declarations, it is reasonable to trust the smart contracts.
This report is for informational purposes only and does not constitute investment advice of any kind, nor does it constitute an offer to provide investment advisory or other services. Nothing in this report shall be considered a solicitation or offer to buy or sell any security, token, future, option or other financial instrument or to offer or provide any investment advice or service to any person in any jurisdiction. Nothing contained in this report constitutes investment advice or offers any opinion with respect to the suitability of any security, and the views expressed in this report should not be taken as advice to buy, sell or hold any security. The information in this report should not be relied upon for the purpose of investing. In preparing the information contained in this report, we have not taken into account the investment needs, objectives and financial circumstances of any particular investor. This information has no regard to the specific investment objectives, financial situation and particular needs of any specific recipient of this information and investments discussed may not be suitable for all investors.
Any views expressed in this report by us were prepared based upon the information available to us at the time such views were written. The views expressed within this report are limited to DeFiSafety and the author and do not reflect those of any additional or third party and are strictly based upon DeFiSafety, its authors, interpretations and evaluation of relevant data. Changed or additional information could cause such views to change. All information is subject to possible correction. Information may quickly become unreliable for various reasons, including changes in market conditions or economic circumstances.
This completed report is copyright (c) DeFiSafety 2023. Permission is given to copy in whole, retaining this copyright label.
This section looks at the code deployed on the relevant chain that gets reviewed and its corresponding software repository. The document explaining these questions is here.
1. Are the smart contract addresses easy to find? (%)
Votium's smart contracts are available in their documentation here. A screenshot of the addresses can be found in the appendix.
2. How active is the primary contract? (%)
Votium's Multi Merkle Stash contract is active with well over 10 transactions a day, earning Votium a 100% score. A screenshot of the transaction dashboard is available in the appendix.
3. Does the protocol have a public software repository? (Y/N)
Votium's software repository can be found on their GitHub page.
4. Is there a development history visible? (%)
Votium's repository has 258 commits and 1 branch, which displays good development. Although Votium earns 100% score on this segment, it would be good to develop an extra branch or two to bring the development history to a better place.
5. Is the team public (not anonymous)?
There is no team members from Votium that is publicly tied to the protocol, which gives the protocol a 0.
This section looks at the software documentation. The document explaining these questions is here.
7. Is the protocol's software architecture documented? (Y/N)
Votium does not display any readily available software architecture documentation for its users. There are only brief descriptions of the buyers and voters roles and how to interact with the protocol but that does not constitute proper software architecture documentation.
8. Does the software documentation fully cover the deployed contracts' source code? (%)
There is no software documentation covering the deployed codes of Votium. Only smart contract addresses and their Etherscan links are displayed.
9. Is it possible to trace the documented software to its implementation in the protocol's source code? (%)
As there is no documented software functions or architecture, Votium earns a 0 for this question as well.
10. Has the protocol tested their deployed code? (%)
There is no evidence of testing in Votium's contracts repository.
11. How covered is the protocol's code? (%)
There is no trace of code coverage available on Votium protocol.
12. Does the protocol provide scripts and instructions to run their tests? (Y/N)
There is no scripts or instructions to run tests for the protocol's code.
13. Is there a detailed report of the protocol's test results?(%)
There are no reports on the protocol's test results.
14. Has the protocol undergone Formal Verification? (Y/N)
Votium has not undergone any Formal Verification.
15. Were the smart contracts deployed to a testnet? (Y/N)
While there is no evidence of testnet deployment on the protocol's documentation, a quick chat with the Votium developers allowed us to provide their testnet deployment addresses on Rinkeby here: VotiumVeCRV.sol: https://rinkeby.etherscan.io/address/0x07c3c293dc6c71bcc00142738ec1a356340a2d17 VoteProxy.sol: https://rinkeby.etherscan.io/address/0xde1e6a7ed3300420ea855c2c055b41a3d10e974b VotiumBribe.sol (vlCVX): https://rinkeby.etherscan.io/address/0xd258b758b6fad0d373603c7dc2fca295cef15e4a#code Single merkle has a testnet deployment: https://rinkeby.etherscan.io/address/0xb710f1eb3e88e338744e148c8e63b07bc121a4a8
This section looks at the 3rd party software audits done. It is explained in this document.
16. Is the protocol sufficiently audited? (%)
There are no audits available on Votium.
17. Is the bounty value acceptably high (%)
There are no bug bounties available for the Votium Protocol.
This section covers the documentation of special access controls for a DeFi protocol. The admin access controls are the contracts that allow updating contracts or coefficients in the protocol. Since these contracts can allow the protocol admins to "change the rules", complete disclosure of capabilities is vital for user's transparency. It is explained in this document.
18. Is the protocol's admin control information easy to find?
Votium Protocol's admin controls can be found in their Multisig Admin Rights documentation. That was easy to find.
19. Are relevant contracts clearly labelled as upgradeable or immutable? (%)
Each upgradeable contract is documented in the Multisig Admin Rights' section, with the functions and smart contract names which is good documentation.
20. Is the type of smart contract ownership clearly indicated? (%)
Ownership is clearly indicated as MultiSig in their Multisig Admin Rights.
21. Are the protocol's smart contract change capabilities described? (%)
Votium describes smart contract change capabilities very well with their Multisig Admin Rights documentation.
22. Is the protocol's admin control information easy to understand? (%)
The admin control information for the protocol are in non-software specific language, which earns the protocol a 100%.
23. Is there sufficient Pause Control documentation? (%)
There are no Pause Control documentation available for Votium.
24. Is there sufficient Timelock documentation? (%)
There is an identification of a timelock on Votium's "Why Votium" page, where there is mention of a 10 day cooldown period. However, this is not enough documentation to receive full marks; giving functions and explanations on the timelock as well as which contracts are specifically affected by this cooldown would help users understand the feature better.
25. Is the Timelock of an adequate length? (Y/N)
Timelock is of a 10 day period, earning Votium 50%. This statement can be found here.
This section goes over the documentation that a protocol may or may not supply about their Oracle usage. Oracles are a fundamental part of DeFi as they are responsible for relaying tons of price data information to thousands of protocols using blockchain technology. Not only are they important for price feeds, but they are also an essential component of transaction verification and security. These questions are explained in this document.
26. Is the protocol's Oracle sufficiently documented? (%)
Votium does not provide oracle documentation. However, it is clear that Votium does not use oracles. As such, we will award full points.
27. Is front running mitigated by this protocol? (Y/N)
This protocol does not provide front running mitigation techniques. Indeed, as a protocol that does not custody funds the potential for front running is minimal. We will thus award points to prevent this protocol being penalised for this.
28. Can flashloan attacks be applied to the protocol, and if so, are those flashloan attack risks mitigated? (Y/N)
This protocol does not provide flashloan attack mitigation techniques. Indeed, as a protocol that does not custody funds the potential for flashloan attack is minimal. We will thus award points to prevent this protocol being penalised for this.
1// SPDX-License-Identifier: MIT
2// Votium Bribe
3
4pragma solidity ^0.8.0;
5
6import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
7import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
8import "@openzeppelin/contracts/utils/math/Math.sol";
9
10import "./Ownable.sol";
11
12contract VotiumBribe is Ownable {
13
14 using SafeERC20 for IERC20;
15
16 /* ========== STATE VARIABLES ========== */
17
18 // accepted tokens registry
19 struct Token {
20 bool whitelist;
21 address distributor;
22 }
23
24 // proposal data
25 struct Proposal {
26 uint256 deadline;
27 uint256 maxIndex;
28 }
29
30 mapping(bytes32 => Proposal) public proposalInfo; // bytes32 of snapshot IPFS hash id for a given proposal
31 mapping(address => Token) public tokenInfo; // bribe token registry data
32
33 mapping(bytes32 => bool) public delegationHash; // approved hashes for EIP1271 delegated vote
34 mapping(address => bool) public approvedTeam; // for team functions that do not require multi-sig security
35
36 address public feeAddress = 0xe39b8617D571CEe5e75e1EC6B2bb40DdC8CF6Fa3; // Votium multisig
37 uint256 public platformFee = 400; // 4%
38 uint256 public constant DENOMINATOR = 10000; // denominates weights 10000 = 100%
39
40 bool public requireWhitelist = true; // begin with erc20 whitelist in effect
41
42
43
44 /* ========== CONSTRUCTOR ========== */
45
46 constructor() {
47 approvedTeam[msg.sender] = true;
48 approvedTeam[0x540815B1892F888875E800d2f7027CECf883496a] = true;
49 }
50
51 /* ========== PUBLIC FUNCTIONS ========== */
52
53 // Deposit bribe
54 function depositBribe(address _token, uint256 _amount, bytes32 _proposal, uint256 _choiceIndex) public {
55 if(requireWhitelist == true) {
56 require(tokenInfo[_token].whitelist == true, "!whitelist");
57 }
58 require(proposalInfo[_proposal].deadline > block.timestamp, "invalid proposal");
59 require(proposalInfo[_proposal].maxIndex >= _choiceIndex, "invalid choice");
60 uint256 fee = _amount*platformFee/DENOMINATOR;
61 uint256 bribeTotal = _amount-fee;
62 IERC20(_token).safeTransferFrom(msg.sender, feeAddress, fee);
63 if(tokenInfo[_token].distributor == address(0)) {
64 IERC20(_token).safeTransferFrom(msg.sender, address(this), bribeTotal); // if distributor contract is not set, store in this contract until ready
65 } else {
66 IERC20(_token).safeTransferFrom(msg.sender, tokenInfo[_token].distributor, bribeTotal); // if distributor contract is set, send directly to distributor
67 }
68 emit Bribed(_token, bribeTotal, _proposal, _choiceIndex);
69 }
70
71 // called by vote proxy contract as part of EIP1271 contract signing for delegated votes
72 function isWinningSignature(bytes32 _hash, bytes memory _signature) public view returns (bool) {
73 return delegationHash[_hash];
74 }
75
76 /* ========== APPROVED TEAM FUNCTIONS ========== */
77
78 // initiate proposal for bribes
79 function initiateProposal(bytes32 _proposal, uint256 _deadline, uint256 _maxIndex) public onlyTeam {
80 require(proposalInfo[_proposal].deadline == 0, "exists");
81 require(_deadline > block.timestamp, "invalid deadline");
82 proposalInfo[_proposal].deadline = _deadline;
83 proposalInfo[_proposal].maxIndex = _maxIndex;
84 emit Initiated(_proposal);
85 }
86
87 // approve EIP1271 vote hash for delegated vlCVX
88 function approveDelegationVote(bytes32 _hash) public onlyTeam {
89 delegationHash[_hash] = true;
90 }
91
92 // transfer stored bribes to distributor (only pertains to bribes made before a token distributor has been set)
93 function transferToDistributor(address _token) public onlyTeam {
94 require(tokenInfo[_token].distributor != address(0), "no distributor");
95 uint256 bal = IERC20(_token).balanceOf(address(this));
96 IERC20(_token).safeTransfer(tokenInfo[_token].distributor, bal);
97 }
98
99 // whitelist token
100 function whitelistToken(address _token) public onlyTeam {
101 tokenInfo[_token].whitelist = true;
102 emit Whitelisted(_token);
103 }
104
105 // whitelist multiple tokens
106 function whitelistTokens(address[] memory _tokens) public onlyTeam {
107 for(uint256 i=0;i<_tokens.length;i++) {
108 tokenInfo[_tokens[i]].whitelist = true;
109 emit Whitelisted(_tokens[i]);
110 }
111 }
112
113 /* ========== MUTLI-SIG FUNCTIONS ========== */
114
115 // toggle whitelist requirement
116 function setWhitelistRequired(bool _requireWhitelist) public onlyOwner {
117 requireWhitelist = _requireWhitelist;
118 emit WhitelistRequirement(_requireWhitelist);
119 }
120
121 // update fee address
122 function updateFeeAddress(address _feeAddress) public onlyOwner {
123 feeAddress = _feeAddress;
124 }
125
126 // update fee amount
127 function updateFeeAmount(uint256 _feeAmount) public onlyOwner {
128 require(_feeAmount < 400, "max fee"); // Max fee 4%
129 platformFee = _feeAmount;
130 emit UpdatedFee(_feeAmount);
131 }
132
133 // add or remove address from team functions
134 function modifyTeam(address _member, bool _approval) public onlyOwner {
135 approvedTeam[_member] = _approval;
136 emit ModifiedTeam(_member, _approval);
137 }
138
139 // update token distributor address
140 function updateDistributor(address _token, address _distributor) public onlyOwner {
141 // can be changed for future use in case of cheaper gas options than current merkle approach
142 tokenInfo[_token].distributor = _distributor;
143 emit UpdatedDistributor(_token, _distributor);
144 }
145
146 /* ========== MODIFIERS ========== */
147
148 modifier onlyTeam() {
149 require(approvedTeam[msg.sender] == true, "Team only");
150 _;
151 }
152
153 /* ========== EVENTS ========== */
154
155 event Bribed(address _token, uint256 _amount, bytes32 indexed _proposal, uint256 _choiceIndex);
156 event Initiated(bytes32 _proposal);
157 event Whitelisted(address _token);
158 event WhitelistRequirement(bool _requireWhitelist);
159 event UpdatedFee(uint256 _feeAmount);
160 event ModifiedTeam(address _member, bool _approval);
161 event UpdatedDistributor(address indexed _token, address _distributor);
162
163}