- Total Prize Pool: $36,500
- HM awards: $25,500
- QA report awards: $3,000
- Gas report awards: $1,500
- Judge + presort awards: $6,000
- Scout awards: $500 USDC
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts March 17, 2023 20:00 UTC
- Ends March 20, 2023 20:00 UTC
Automated findings output for the contest can be found here within an hour of contest opening.
Note for C4 wardens: Anything included in the automated findings output is considered a publicly known issue and is ineligible for awards.
The audit covers three subprotocols for the Canto Identity Protocol:
- Canto Bio Protocol: Allows the association of a biography to an identity
- Canto Profile Picture Protocol: Allows the association of a profile picture (arbitrary NFT) to an identity
- Canto Namespace Protocol: A subprotocol for minting names from tiles (characters in a specific font).
Each subprotocol is contained in a folder (`canto-bio-protocol`, `canto-namespace-protocol`, `canto-pfp-protocol`) and there is a `README` in every folder that describes the protocol in more detail.
File | SLOC | Description and Coverage | Libraries |
---|---|---|---|
Contracts (4) | | | |
canto-pfp-protocol/src/ProfilePicture.sol | 58 | Profile Picture subprotocol NFT: Allows referencing an NFT that is owned by the user (the holder of the Canto identity NFT that is associated with this PFP NFT). 100.00% | solmate/* |
canto-bio-protocol/src/Bio.sol 🖥 | 94 | Biography subprotocol NFT: Allows minting an NFT with an arbitrary biography. 100.00% | solmate/* solady/* |
canto-namespace-protocol/src/Namespace.sol 🖥 | 141 | Namespace subprotocol NFT: Represents a name with characters in different fonts. - | solmate/* solady/* |
canto-namespace-protocol/src/Tray.sol 🧮 | 180 | Namespace NFTs are fused with trays that are bought (or traded on the secondary market). - | erc721a/* solmate/* solady/* |
Libraries (1) | | | |
canto-namespace-protocol/src/Utils.sol Σ | 214 | Utilities for string/SVG manipulations that are used by the Namespace and Tray contracts. - | solmate/* |
Total (over 5 files): | 687 | 100.00% | |
File | SLOC | Description and Coverage | Libraries |
---|---|---|---|
Contracts (3) | | | |
canto-identity-protocol/src/AddressRegistry.sol | 47 | - | solmate/* |
canto-identity-protocol/src/SubprotocolRegistry.sol | 64 | - | solmate/* |
canto-identity-protocol/src/CidNFT.sol | 300 | - | solmate/* |
Total (over 3 files): | 411 | - | |
- erc721a/ERC721A.sol
- solady/utils/Base64.sol
- solmate/auth/Owned.sol
- solmate/tokens/ERC20.sol
- solmate/tokens/ERC721.sol
- solmate/utils/LibString.sol
- solmate/utils/SafeTransferLib.sol
All three subprotocols are Canto Identity Protocol subprotocols, so it might be helpful to look at this codebase to understand the subprotocols better. The code (folder `canto-identity-protocol`) was already audited in a previous audit and is out of scope for this audit. It is only included as additional context.
- If you have a public code repo, please share it here:
- How many contracts are in scope?: 5
- Total SLoC for these contracts?: 687
- How many external imports are there?: 14
- How many separate interfaces and struct definitions are there for the contracts within scope?: 1
- Does most of your code generally use composition or inheritance?: Inheritance
- How many external calls?: 5
- What is the overall line coverage percentage provided by your tests?: 100
- Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: true
- Please describe required context: Understanding Canto Identity Protocol (which was previously audited) is helpful, as these are subprotocols for it. But it is not strictly required
- Does it use an oracle?: No
- Does the token conform to the ERC20 standard?:
- Are there any novel or unique curve logic or mathematical models?: No
- Does it use a timelock function?: No
- Is it an NFT?: Yes
- Does it have an AMM?: No
- Is it a fork of a popular project?: false
- Does it use rollups?: false
- Is it multi-chain?: false
- Does it use a side-chain?: false
To run the tests including a gas report, run the following command in every folder (`canto-bio-protocol`, `canto-namespace-protocol`, `canto-pfp-protocol`):

```bash
npm install && forge test --gas-report
```
Slither works without problems in `canto-bio-protocol` and `canto-pfp-protocol`, but cannot analyze the code in `canto-namespace-protocol` because of the following error:

```
unresolved reference to identifier _BITMASK_ADDRESS
```
```bash
rm -Rf 2023-03-canto-identity || true \
  && git clone https://github.com/code-423n4/2023-03-canto-identity.git -j8 --recurse-submodules \
  && cd 2023-03-canto-identity \
  && foundryup \
  && cd canto-bio-protocol && npm install && forge test --gas-report && cd .. \
  && cd canto-namespace-protocol && npm install && forge test --gas-report && cd .. \
  && cd canto-pfp-protocol && npm install && forge test --gas-report && cd ..
```