SYMMIO
Reward Amounts
Critical
- 808,808 USDC maximum payout
- 80,000 USDC minimum payout
- Payout shall not exceed 10% of funds at risk at time of submission
Severity Criteria
Critical Definition
- Definite and significant loss of funds without limitations of external conditions
- Definite and significant freezing of funds for >1 year without limitations of external conditions
General Notes
- Sherlock’s Criteria for Issue Validity guide (used in Sherlock audit contests) can be a helpful resource for more context on out-of-scope issues, etc., but nothing in the guide should overrule the definitions above
- A coded Proof of Concept (POC) with instructions to run the POC is required
- If the protocol team has the ability to take measures (upgrade the contract, pause the contract, etc.) against an exploit, the potential damage is limited to a 1-hour exploit period before it is assumed that the protocol team takes measures to prevent further damage
Platform Rules
Please review the Sherlock Bug Bounty Platform Rules before submitting any vulnerability.
Known Issues and Acceptable Risks
- In the liquidation system, we allow liquidators to liquidate a user if they were insolvent before. The nonce should not be changed from that time (essentially, the user's positions should remain unchanged during this period). If the user adds funds to become solvent, the liquidator can still liquidate the user and return the extra funds.
Previous Audits
- https://audits.sherlock.xyz/contests/427
- https://audits.sherlock.xyz/contests/144
- https://audits.sherlock.xyz/contests/108
- https://audits.sherlock.xyz/contests/85
- Smart State
Additional Context
Chains in scope
- Arbitrum
- Mantle
- Base
- Blast
- BSC
- Other EVM-compatible chains where SYMMIO is currently live
Expected tokens
- Only whitelisted tokens can work with the codebase, and these include large market cap stablecoins such as USDC, USDT, and USDE.
Trusted integrations
- Muon Oracle
- External Stablecoins
Trusted protocol roles
- Protocol Admins are trusted: There is a multisig behind those functions and a couple of team members will review that call before executing it.
Offchain mechanisms and procedures
- There is a Muon oracle that provides data such as the uPnL of parties' positions.
- Liquidator Bots
- Force close Bots
- Force cancel Bots
- Anomaly detector Bots
Protocol Resources
Max Rewards: 808,808 USDC
Status: LIVE
Live since: Aug 8, 2024, 6:46 PM
Last updated: Aug 8, 2024, 6:46 PM