DAO Reviews

Security audit: Cap protocol (DAO)

Ask Reviews
#1

- Who you are and a brief description of the feature/project
This is a community proposal from Cap protocol (DAO). As a community driving project, we ask for someone with certain expertise to perform a security audit for the smart contracts that run the protocol. CAP is a protocol for decentralized CFD (Contracts for Differences) trading on Ethereum. CAP provides a censorship-resistant (dark feed oracle network, IPFS + ENS client eth.cap.link) leveraged trading platform for synthetic assets of any type with instant liquidity.

More information can be found here: docs.cap.exchange

- What’s the scope of the review? (e.g. github link, code snippet, private sharing)
The revision will consist on auditing five contracts that can be found on GitHub (protocol/contracts at master · capfina/protocol · GitHub):

  1. Governance contract: Receives staked CAP and keeps track of votes and proposals. A proposal can be executed once enough “for” votes are reached by the end of the voting period.
  2. Treasury contract: Holds system and trader assets. These include trader deposits and assets bought by governance. Trader deposits are segregated from funds available for use by governance.
  3. Products contract: Used to register and keep track of products available to trade. Maximum leverage, spread, and funding rate per block can be set by governance for each individual product.
  4. Trading contract: Receives orders from clients. These can be of two types: new position or position close.
  5. Queue contract: Queues orders for processing by the oracle network. Once a price is provided, the order is sent back to the trading contract for execution.

- What kind of review do you need? (e.g. security, high level, gas optimization…)
Analyze design issues, errors in the code and security flaws and vulnerabilities.

- What’s the deadline? (e.g. 2 weeks, a month)
There is no hard deadline, but a timeline of 1 month seems reasonable.

- Optional skills/level required for the reviewers
Solidity knowledge.
Expertise with security audits is highly desirable.

- Incentives/Rewards for reviewers
Incentive will be determined and pooled by the community once we agree with the audit terms.

1 Like