- Who you are and a brief description of the feature/project
This is a community proposal from Cap protocol (DAO). As a community driving project, we ask for someone with certain expertise to perform a security audit for the smart contracts that run the protocol. CAP is a protocol for decentralized CFD (Contracts for Differences) trading on Ethereum. CAP provides a censorship-resistant (dark feed oracle network, IPFS + ENS client eth.cap.link) leveraged trading platform for synthetic assets of any type with instant liquidity.
More information can be found here: docs.cap.exchange
- What’s the scope of the review? (e.g. github link, code snippet, private sharing)
The revision will consist on auditing five contracts that can be found on GitHub (protocol/contracts at master · capfina/protocol · GitHub):
- Governance contract: Receives staked CAP and keeps track of votes and proposals. A proposal can be executed once enough “for” votes are reached by the end of the voting period.
- Treasury contract: Holds system and trader assets. These include trader deposits and assets bought by governance. Trader deposits are segregated from funds available for use by governance.
- Products contract: Used to register and keep track of products available to trade. Maximum leverage, spread, and funding rate per block can be set by governance for each individual product.
- Trading contract: Receives orders from clients. These can be of two types: new position or position close.
- Queue contract: Queues orders for processing by the oracle network. Once a price is provided, the order is sent back to the trading contract for execution.
- What kind of review do you need? (e.g. security, high level, gas optimization…)
Analyze design issues, errors in the code and security flaws and vulnerabilities.
- What’s the deadline? (e.g. 2 weeks, a month)
There is no hard deadline, but a timeline of 1 month seems reasonable.
- Optional skills/level required for the reviewers
Expertise with security audits is highly desirable.
- Incentives/Rewards for reviewers
Incentive will be determined and pooled by the community once we agree with the audit terms.