- Total Prize Pool: $35,000 in USDC
- HM awards: $23,900 in USDC
- QA awards: $1,000 in USDC
- Judge awards: $2,800 in USDC
- Validator awards: $1,800 in USDC
- Scout awards: $500 in USDC
- Mitigation Review: $5,000 USDC
- Read our guidelines for more details
- Starts January 29, 2025 20:00 UTC
- Ends February 7, 2025 20:00 UTC
Note re: risk level upgrades/downgrades
Two important notes about judging phase risk adjustments:
- High- or Medium-risk submissions downgraded to Low-risk (QA) will be ineligible for awards.
- Upgrading a Low-risk finding from a QA report to a Medium- or High-risk finding is not supported.
As such, wardens are encouraged to select the appropriate risk level carefully during the submission phase.
The 4naly3er report can be found here.
Note for C4 wardens: Anything included in this Automated Findings / Publicly Known Issues section is considered a publicly known issue and is ineligible for awards.
- The token will be IQ, so there is no need to review implementations with other tokens.
- Whitelisted proxies can be malicious - no need to raise this as an issue.
- The owner will be a multisig.
- Gas optimizations are not needed since this will be deployed on a cheap L2 chain.
- ERC20 Compliant Token which confers governance over
AgentContract. - Contains ERC20Permit Functionality.
- Token contract is owned by the
AgentContract. - Token Clock based on timestamp rather than blockNumber
AgentContract which allows for call forwarding to whitelisted implementation contracts.- Owner of the
Agentis theTokenGovernorcontract. - Whitelists must be approved via the
AgentFactorycontract. - Implementations must adhere to the storage layout set forth in
Agent - Similar to EIP-897 upgradability pattern
- Contract responsible for deploying the Agent Contract array
- On
createAgent()call the factory will deploy several contracts:AgentAITokenTokenGovernorLiquidityManager--initializeBootstrapPool()--> 4.1BootstrapPool
- AITokens in this step will be allocated between the
Agent,DAO&LiquidityManagerat this point. - Users will have an option to perform an initial buy through the
BootstrapPoolcontract on the initial call.
- Contract used to route trades either buying or selling a given
AIToken - Will swap either through the
BootstrapPoolor aFraxswappair
- Serves as an initial pool through with an
AITokencan be traded. - Owned by
LiquidityManagercontract. - Very similar to X*Y=K style AMM.
- Contract intended to move liquidity between the bootstrap pool and the fraxswap pair given certain conditions are met.
- Governance contract based off of OZ
Governor.sol - Voting token is
AITokenGovernor address will have ownership rights over theAgentcontract.
- Previous audits: N/A
- Documentation: N/A
- Website: https://iqai.com
- X/Twitter: https://x.com/IQAICOM
See scope.txt
| File | Logic Contracts | Interfaces | nSLOC | Purpose | Libraries used |
|---|---|---|---|---|---|
| /src/AIToken.sol | 1 | **** | 38 | @openzeppelin/contracts/access/Ownable.sol, @openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol, @openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol, @openzeppelin/contracts/utils/Nonces.sol, @openzeppelin/contracts/utils/types/Time.sol | |
| /src/Agent.sol | 1 | **** | 63 | @openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol, @openzeppelin/contracts/access/Ownable.sol, @openzeppelin/contracts/proxy/Proxy.sol | |
| /src/AgentFactory.sol | 1 | **** | 217 | @openzeppelin/contracts/interfaces/IERC20.sol, @openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol, @openzeppelin/contracts/access/Ownable.sol, @openzeppelin/contracts/access/Ownable2Step.sol | |
| /src/AgentRouter.sol | 1 | **** | 100 | @openzeppelin/contracts/interfaces/IERC20.sol, @openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol, dev-fraxswap/src/contracts/core/interfaces/IFraxswapPair.sol, dev-fraxswap/src/contracts/core/interfaces/IFraxswapFactory.sol | |
| /src/BootstrapPool.sol | 1 | **** | 137 | @openzeppelin/contracts/interfaces/IERC20.sol, @openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol, @openzeppelin/contracts/utils/ReentrancyGuard.sol | |
| /src/LiquidityManager.sol | 1 | **** | 146 | @openzeppelin/contracts/interfaces/IERC20.sol, @openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol, dev-fraxswap/src/contracts/core/interfaces/IFraxswapPair.sol, dev-fraxswap/src/contracts/core/interfaces/IFraxswapFactory.sol, dev-fraxswap/src/contracts/core/libraries/Math.sol | |
| /src/TokenGovernor.sol | 1 | **** | 77 | @openzeppelin/contracts/governance/Governor.sol, @openzeppelin/contracts/governance/extensions/GovernorCountingSimple.sol, @openzeppelin/contracts/governance/extensions/GovernorVotes.sol, @openzeppelin/contracts/governance/extensions/GovernorVotesQuorumFraction.sol, @openzeppelin/contracts/governance/utils/IVotes.sol, @openzeppelin/contracts/utils/types/Time.sol | |
| Totals | 7 | **** | 778 |
See out_of_scope.txt
| File |
|---|
| ./script/Base.s.sol |
| ./script/Deploy.s.sol |
| ./src/interface/IBAMM.sol |
| ./src/interface/IBAMMFactory.sol |
| ./test/AITokenTest.sol |
| ./test/AgentFactoryTest.sol |
| ./test/AgentRouterTest.sol |
| ./test/AgentTest.sol |
| ./test/BootstrapPoolTest.sol |
| ./test/Helpers/SigUtils.sol |
| ./test/MoveLiquidityTest.sol |
| ./test/ProxyTest.sol |
| ./test/TokenGovernorTest.sol |
| Totals: 13 |
| Question | Answer |
|---|---|
| ERC20 used by the protocol | vanilla ERC20s as collateral, IQ |
| Test coverage | 93.09% |
| ERC721 used by the protocol | None |
| ERC777 used by the protocol | None |
| ERC1155 used by the protocol | None |
| Chains the protocol will be deployed on | Fraxtal |
| Question | Answer |
|---|---|
| Missing return values | Out of scope |
| Fee on transfer | Out of scope |
| Balance changes outside of transfers | Out of scope |
| Upgradeability | Out of scope |
| Flash minting | Out of scope |
| Pausability | Out of scope |
| Approval race protections | Out of scope |
| Revert on approval to zero address | Out of scope |
| Revert on zero value approvals | Out of scope |
| Revert on zero value transfers | Out of scope |
| Revert on transfer to the zero address | Out of scope |
| Revert on large approvals and/or transfers | Out of scope |
| Doesn't revert on failure | In scope |
| Multiple token addresses | Out of scope |
| Low decimals ( < 6) | Out of scope |
| High decimals ( > 18) | Out of scope |
| Blocklists | Out of scope |
| Question | Answer |
|---|---|
| Enabling/disabling fees (e.g. Blur disables/enables fees) | No |
| Pausability (e.g. Uniswap pool gets paused) | No |
| Upgradeability (e.g. Uniswap gets upgraded) | No |
| Question | Answer |
|---|---|
| src/AIToken.sol | ERC20 |
| src/Agent.sol | ERC721 |
N/A
- CurrencyToken is intended to be an IERC20 compatible token. This excludes tokens with
feeOnTransfer()functionality, in addition to ERC777-like callback functionality. - Implementation contracts for
Agentare intended to inherit the storage layout of the baseAgentcontract. Using a pattern like so:
contract AdditionalFunctionalityForAgent is Agent {
uint256 public someAdditionalState;
constructor(
string memory name,
string memory symbol,
string memory url,
address _factory
)
Agent(name, symbol, url, _factory)
{ }
function someAdditionalFunctionality() public { .... }
}
- Similarly it can also be assumed that the
AgentFactoryOwner will not whitelist and proxy Implementations which are malicious or interact with the baseAgentstate in a malicious manner.
- Graduation of agents and transfer of LP to Fraxswap
- High severity risks around funds getting stuck or stolen from the protocol
| Role | Description |
|---|---|
| AgentFactory Owner | admin rights |
N/A
git clone --recursive https://github.com/code-423n4/2025-01-iq-ai
cd 2025-01-iq-ai
pnpm i
forge testTo run code coverage
forge coverageTo run gas benchmarks
forge test --gas-report
Employees of IQ AI and employees' family members are ineligible to participate in this audit.
Code4rena's rules cannot be overridden by the contents of this README. In case of doubt, please check with C4 staff.