- Join Sherlock Discord
- Submit findings using the issue page in your private contest repo (label issues as med or high)
- Read for more details
The README is a very important document for the audit. Please fill it out thoroughly and include any other specific info that security experts will need in order to effectively review the codebase.
Some pointers for filling out the section below:
ERC20/ERC721/ERC777/FEE-ON-TRANSFER/REBASING TOKENS:
Which tokens do you expect will interact with the smart contracts? Please note that these answers have a significant impact on the issues that will be submitted by Watsons. Please list specific tokens (ETH, USDC, DAI) where possible, otherwise "Any"/"None" type answers are acceptable as well.
ADMIN: Admin/owner of the protocol/contracts. Label as TRUSTED, If you don't want to receive issues about the admin of the contract being able to steal funds. If you want to receive issues about the Admin of the contract being able to steal funds, label as RESTRICTED & list specific acceptable/unacceptable actions for the admins.
EXTERNAL ADMIN: These are admins of the protocols your contracts integrate with (if any). If you don't want to receive issues about this Admin being able to steal funds or result in loss of funds, label as TRUSTED If you want to receive issues about this admin being able to steal or result in loss of funds, label as RESTRICTED.
DEPLOYMENT: [e.g. mainnet, Arbitrum, Optimism, ..]
ERC20: [e.g. any, none, USDC, USDC and USDT]
ERC721: [e.g. any, none, UNI-V3]
ERC777: [e.g. any, none, {token name}]
FEE-ON-TRANSFER: [e.g. any, none, {token name}]
REBASING TOKENS: [e.g. any, none, {token name}]
ADMIN: [trusted, restricted, n/a]
EXTERNAL-ADMINS: [trusted, restricted, n/a]
Please answer the following questions to provide more context:
- The roles
- The actions those roles can take
- Outcomes that are expected from those roles
- Specific actions/outcomes NOT intended to be possible for those roles
A:
Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?
A:
A:
A:
Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?
A:
Q: In case of external protocol integrations, are the risks of an external protocol pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.
A: [ACCEPTABLE/NOT ACCEPTABLE]
[List of all contracts in scope]