This repository has been archived by the owner on Sep 17, 2023. It is now read-only.

sherlock-audit/2023-03-taurus

Taurus contest details

Resources

Taurus Protocol Documentation

On-chain context

DEPLOYMENT: Arbitrum
ERC20: any non-rebasing. In particular, fee + staked GLP will be the first collateral token (managed through GMX's ERC20-compliant wrapper) and Arbitrum Weth will be the main yield token.
ERC721: none
ERC777: none
FEE-ON-TRANSFER: none
REBASING TOKENS: none
ADMIN: trusted
EXTERNAL-ADMINS: trusted

Please answer the following questions to provide more context:

Q: Are there any additional protocol roles? If yes, please explain in detail:

  1. The roles
  2. The actions those roles can take
  3. Outcomes that are expected from those roles
  4. Specific actions/outcomes NOT intended to be possible for those roles

A: In order from most to least authority:

  1. Governance. Entirely trusted. This role will be initially granted to the multisig.
  2. Multisig. Trusted with essentially everything but user collateral. Among other things, this role can:
     • Set protocol fees, up to 40%. This determines the amount of yield earned by user collateral which will be used to pay off user loans vs. redirected into the protocol itself.
     • Direct protocol fees. Fees may be used to incentivize liquidity provision, claimed directly by the multisig, or otherwise used however the multisig decides.
     • Pause vaults. Users can exit paused vaults, but otherwise no significant action should be possible on them.
  3. Keepers. These are trusted with vault yield but not user collateral. They generally perform upkeep on the vault such as swapping yield for Tau and running the LiquidationBot.
  4. Liquidators. These are simply trusted to liquidate accounts. It is intended that this role will eventually be deprecated and any account allowed to liquidate.

Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?

A: The code is not expected to comply with any EIPs.


Q: Please list any known issues/acceptable risks that should not result in a valid finding.

A: In a situation where an account's debt is worth close to or more than the value of its collateral, liquidators should still be able to liquidate the account's debt at a discount. In the end this will result in some debt left in the system without any collateral backing it. This is an acceptable loss which will be covered by the system.


Q: Please provide links to previous audits (if any).

A: There have been no previous audits.


Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?

A: Yes, two.

  1. Keepers will periodically scan the vault and liquidate any unhealthy accounts. This will be handled through the LiquidationBot, which will be supplied with sufficient Tau.
  2. Keepers will periodically swap a portion of the vault yield for Tau.

Q: In case of external protocol integrations, are the risks of an external protocol pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.

A: ACCEPTABLE. GMX certainly has the power to do so.

Audit scope

taurus-contracts @ 3759a646f5738890198eb7ae3964e4ecbe952d17

About Taurus

Taurus is a self-repaying loan protocol built to be compatible with any yield-bearing token. The first collateral token will be GLP due to its high yields and stable nature. Users can use Taurus to leverage their GLP investment or gain liquidity while maintaining their GLP position.
