A set of smart contracts that enable democratic allocation and distribution of capital. Developed by Gitcoin to power the Grants Stack, but useful beyond grants and quadratic funding.
On what chains are the smart contracts going to be deployed?
All EVM-compatible chains + zkSync Era
Which ERC20 tokens do you expect will interact with the smart contracts?
All
Which ERC721 tokens do you expect will interact with the smart contracts?
None
Which ERC777 tokens do you expect will interact with the smart contracts?
None
Are there any FEE-ON-TRANSFER tokens interacting with the smart contracts?
Yes. When funding a pool on Allo.sol
Are there any REBASING tokens interacting with the smart contracts?
None
Are the admins of the protocols your contracts integrate with (if any) TRUSTED or RESTRICTED?
RESTRICTED
Is the admin/owner of the protocol/contracts TRUSTED or RESTRICTED?
TRUSTED
The contracts are upgradable and the admin is trusted.
The owner of Allo.sol can
The owner of Registry.sol can recover funds from Registry.sol
Are there any additional protocol roles? If yes, please explain in detail:
Profile Owners: Users who create profiles using the Registry contract. These profiles are central to protocol interactions, offering a unique identity for users and enabling secure external calls through the Anchor contract.
Profile Member: Members of a Registry profile have specific access rights as defined by the profile's owner.
Allo Owner: Individuals who control the Allo contract, possessing the authority to manage fund recovery, fee parameters, and treasury addresses. Their role is pivotal in ensuring the protocol's financial stability.
Pool Creator: A user who can create new pools using custom or cloneable strategies. They can specify metadata, strategy addresses, managers, and other parameters during pool creation.
Pool Administrator: Users with administrative control over specific pools. They can manage pool managers, enabling effective pool governance.
Pool Manager: Users who manage funds within specific pools. They can allocate and distribute funds according to the pool's strategy.
Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?
ERC20, EIP-712
Please list any known issues/acceptable risks that should not result in a valid finding.
Fee skirting, where a pool manager directly funds the pool without paying the fees
Please provide links to previous audits (if any).
New
Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?
In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.
No
Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?
Yes, as we support all ERC20 tokens.
Add links to relevant protocol resources
Total Rewards
Contest Pool: 23,000 USDC
Lead Senior Watson: 32,000 USDC
Judging Pool: 1,700 USDC
Lead Judge: 1,700 USDC
Status: Finished
Scope: 1,648 nSLOC
Start Time: Sep 11, 2023, 3:00 PM
End Time: Sep 21, 2023, 3:00 PM