- Join Sherlock Discord
- Submit findings using the issue page in your private contest repo (label issues as med or high)
- Read for more details
mainnet, arbitrum
any, including USDC and USDT
none
Yes, Notional V3 supports ERC1155 via the ERC1155 Action contract for fCash. ERC1155 compatibility is not a primary focus for this audit.
none
There is limited support for listing fee on transfer tokens but they are explicitly restricted in leveraged vaults.
Yes, specifically Aave v3 lending tokens. They will only be used in conjunction with the External Lending functionality. Rebasing tokens are not allowed to be listed as lending and borrowing currencies.
TRUSTED
TRUSTED
Yes there are three roles in relation to Notional V3:
- Owner: is trusted and allowed to set various governance settings along with execute upgrades
- Treasury Manager: is allowed to pull protocol owned funds via the Treasury Manager contract. There are two types of profits available to the protocol, fee reserves and excess interest generated by external lend.g
- Rebalancing Bot: is an off chain bot that detects when rebalancing can occur via
checkRebalanceand will rebalance those currencies accordingly.
Q: Is the code/contract expected to comply with any EIPs? Are there specific assumptions around adhering to those EIPs that Watsons should be aware of?
No
Prime Debt Cap: It is understood that due to the nature of settlement, accounts may generate short dated fCash and push the system above the debt cap at maturity. This would be alleviated by tracking overall fCash debt outstanding, however, this adds significantly more complexity to the system and makes the debt cap more difficult to administer. If this does become an issue a mitigation would be a temporary increase in the supply cap. If this is a persistent issue, a more permanent mitigation would include a more comprehensive tracking and limiting of total fCash debts.
https://github.com/notional-finance/contracts-v2/blob/master/audits/README.md
Q: Are there any off-chain mechanisms or off-chain procedures for the protocol (keeper bots, input validation expectations, etc)?
Yes see #3 in the additional protocol roles, the rebalancing bot.
Q: In case of external protocol integrations, are the risks of external contracts pausing or executing an emergency withdrawal acceptable? If not, Watsons will submit issues related to these situations that can harm your protocol's functionality.
With respect to external lending, it is understood that Aave V3 may pause withdraws and prevent Notional from withdrawing its funds. A mitigation against this risk is only use external lending for liquid, well understood tokens.
Q: Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?
USDC and USDT are the primary examples.
Notional V3 Protocol Documentation: https://docs.notional.finance/notional-v3/
Audit Scope Documentation: https://docs.google.com/document/d/1-2iaTM8lBaurrfItOJRRveHnwKq1lEWGnewrEfXMzrI/edit
wrapped-fcash @ 3157e4c5eb105eaccbd827a8fc016a48fcc44dd7
- wrapped-fcash/contracts/lib/EncodeDecode.sol
- wrapped-fcash/contracts/wfCashBase.sol
- wrapped-fcash/contracts/wfCashERC4626.sol
- wrapped-fcash/contracts/wfCashLogic.sol
contracts-v3 @ d9835667a2d80ccab89233d04c3b5f9eb7ba4585
- contracts-v3/contracts/external/actions/AccountAction.sol
- contracts-v3/contracts/external/actions/TreasuryAction.sol
- contracts-v3/contracts/external/adapters/SecondaryRewarder.sol
- contracts-v3/contracts/external/pCash/AaveV3HoldingsOracle.sol
- contracts-v3/contracts/external/proxies/BaseERC4626Proxy.sol
- contracts-v3/contracts/internal/balances/ExternalLending.sol
- contracts-v3/contracts/internal/nToken/nTokenCalculations.sol
- contracts-v3/contracts/internal/pCash/PrimeSupplyCap.sol