Superfluid Locker System
Superfluid is the money streaming protocol, powering a real-time onchain economy. Start earning every second with streaming airdrops, rewards and yield.
Details
Scope
On what chains are the smart contracts going to be deployed?
This smart-contract suite is intended to be deployed on the exhaustive list of networks below :
- Ethereum
- Optimism
- BNB Smart Chain
- Gnosis
- Polygon
- Base
- Arbitrum One
- Celo
- Avalanche
- Scroll
- Degen Chain
If you are integrating tokens, are you allowing only whitelisted tokens to work with the codebase or any complying with the standard? Are they assumed to have certain properties, e.g. be non-reentrant? Are there any types of weird tokens you want to integrate?
The project WILL ONLY integrate a Super Token that Superfluid Core Team will deploy.
The token will be deployed as a plain ERC20 on Ethereum Mainnet, will then be wrapped as SuperToken and bridged to other chains / L2 (as Super Token).
The Super Token that will be used with these contracts is similar to the Super Token at the following address :
https://basescan.org/token/0x2112b92A4f6496B7b2f10850857FfA270464d054For more info regarding SuperTokens, see https://docs.superfluid.finance/docs/category/super-tokens
Are there any limitations on values set by admins (or other roles) in the codebase, including restrictions on array lengths?
FluidEPProgramManager.sol :
- Owner is trusted
- Signers are trusted
createProgram(...):- it is assumed that the given
programAdminandsignerare valid and correct addresses startFunding(...):- it is assumed that the
FluidTreasurywill have granted allowance to this contract for the desired amount prior to this call - it is assumed that users (specifically lockers) will have units in the corresponding program distribution pool prior to this call
- similarly, when subsidy switch is turned ON, it is assumed that users (specifically lockers) will have units in the corresponding tax distribution pool prior to this call
- For reference, during the initial phase, the
subsidyFundingRatewill be set to0. After some time, thesubsidyFundingRatewill be increased to500(i.e. 5%). It is known that the subsidies will only start flowing for the program funded after the rate is updated. EARLY_PROGRAM_ENDis currently set to 7 days. This value could potentially be reduced (to 5 or 3 days).
FluidLocker.sol :
- Each locker is "owned" by an individual account (
lockerOwner). UNLOCK_AVAILABLEwill initially be set tofalse. After some time, the beacon proxy will be updated and this valus will be set totrue.
- Each locker is "owned" by an individual account (
FluidLockerFactory.sol :
- Governor is trusted
Fontaine.sol
initialize(...):- it is assumed that users (specifically lockers) will have units in the corresponding tax distribution pool prior to this call.
StakingRewardController.sol
- Owner is trusted
- It is assumed that the correct
lockerFactorywill be set during deployment
Are there any limitations on values set by admins (or other roles) in protocols you integrate with, including restrictions on array lengths?
No.
Is the codebase expected to comply with any specific EIPs?
The codebase is expected to comply with EIP-1271 (simple signature verification).
Context:
In order to grant units in Superfluid GDA pools, we rely on a third party tool : Stack (see stack.so).
Stack essentially allocates "points" to users based on onchain activity.
On user requests (i.e. when users need to claim these points that are representing pool units), Stack generate a signature that contains user related details and the amount of units to be claimed.
The contract verifies that the signature is originated from a Stack whitelisted signer and allocate the units once the signature is verified.
Are there any off-chain mechanisms involved in the protocol (e.g., keeper bots, arbitrage bots, etc.)? We assume these mechanisms will not misbehave, delay, or go offline unless otherwise specified.
Yes, as mentioned above, the protocol rely on off-chain signature from a third party to grant GDA pool units to users.
Additionally, Superfluid will run some offchain monitoring system to ensure that programs do not overrun their duration (see PROGRAM_DURATION in FluidEPProgramManager).
Upon detecting an approaching end of a program a transaction call to stopFunding will be performed, ensuring that the different streams inherent to a program are closed on time. It is assumed that these calls will be performed on time.
What properties/invariants do you want to hold even if breaking them has a low/unknown impact?
While the boolean
UNLOCK_AVAILABLEis set tofalse(initial phase), the sum of all tokens distributed throughFluidEPProgramManagershould be equal to the sum of all tokens inside theFluidLockerinstances plus the undistributed amount (still held in theFluidEPProgramManagercontract)Token distributed through the
FluidEPProgramManagershould always land in aFluidLockerinstance (until withdrawn).The sum of all the token distributed to
FluidLockerinstance and distributed to the tax distribution pool (ifsubsidyFundingRateis not null) should be equal to the sum of all token distributed through theFluidEPProgramManager.
Please discuss any design choices you made.
FluidEPProgramManager.stopFundingfunction permissionless.- This ensure that any actor is able to close the streams to the program pool and the tax pool when a program reaches its completion. This is important as funds from multiple program will be held by the
FluidEPProgramManagercontract and stream will not necessarily be liquidated if there are still funds to provision them. - Superfluid will necessarily monitor the program and their end date but having this method permissionless also allow external actors to participate in the healthiness of the protocol.
- This ensure that any actor is able to close the streams to the program pool and the tax pool when a program reaches its completion. This is important as funds from multiple program will be held by the
FluidEPProgramManager.stopFundingcan create dust.- Superfluid streams involve flow rates which imply calculation inaccuracy due to Solidity lack of floating points number supports. This means that when stopping program (although early stops compensation are in place) some dust loss may incur to users. The design accepts and acknowledge this fact it would require an extra intensive calculation for a very minimal amount of token per user (less than a gwei in order of magnitude). These funds will not necessarily be lost forever as other program will essentially stream these funds at some point in time.
Stakers units in the tax distribution pools :
- Due to Superfluid General Distribution Agreement implementation and technical rules, the units held by stakers are downscaled. GDA pool do not allow the total amount of units in a GDA pool to be higher than the flow rate. Therefore, the down scaling factor is 0.01 Token staked is equal 1 units. This imply that staking less that 0.01 Token will not yield any returns.
Please provide links to previous audits (if any).
N/A
Please list any relevant protocol resources.
Superfluid Docs :
https://docs.superfluid.finance/
Superfluid SuperToken Docs :
https://docs.superfluid.finance/docs/protocol/super-tokens/overview
Superfluid GDA Docs :
https://docs.superfluid.finance/docs/protocol/distributions/overview
Additional audit information.
It is suggested to look carefully at below functions :
In
FluidEPProgramManager:startFundingstopFundingcancelProgram
In
FluidLocker:unlock
It is also suggested to ensure that the Token cannot be extracted from FluidLocker instances in any other way than the FluidLocker.unlock function (it can be assumed that beacon upgrades will not offer such possibility).
Total Rewards
Contest Pool
Lead Senior Watson
Judging Pool
Lead Judge
8,500 USDC
7,000 USDC
750 USDC
Status
Scope
Start Time
End Time
Judging Rules
