Butter addresses misalignment and capture in crypto governance through robust mechanisms. The current focus is to solve treasury allocation for the largest DAOs within the Ethereum ecosystem by deploying Conditional Funding Markets, based on futarchy and prediction markets.
For more information about Butter, please visit https://buttery.gg
Evaluating
Triaged by Immunefi
PoC required
KYC required
Asset Accuracy Assurance
Bugs found on assets incorrectly listed in-scope will be considered valid and be rewarded.
Build commands, Test commands, and instructions on how to run them:
- forge soldeer install
- forge build
- forge test
- FOUNDRY_PROFILE=itest forge test # integration tests with actual ConditionalTokens and Wrapped1155Factory contracts
- FOUNDRY_PROFILE=ftest forge test # fork tests
What ERC20 / ERC721 / ERC777 / ERC1155 token standards are supported? Which are not?
Tokens we recommend for use as the ERC20 collateralToken (our frontend will filter out any FlatCFM instances that do not follow these guidelines):
- The play money collateral token generated through cfm-v1-playmoney factory
- USDC
- DAI
- sDAI https://github.com/makerdao/sdai?utm_source=immunefi
- USDS https://github.com/makerdao/usds?utm_source=immunefi
- sUSDS https://github.com/makerdao/sdai/tree/susds?utm_source=immunefi
- GHO (https://github.com/aave/gho-core/tree/main/src/contracts/gho)
- USDe (https://github.com/ethena-labs/code4arena-contest/tree/main/protocols/USDe/contracts)
- StakedUSDeV2 (https://github.com/ethena-labs/code4arena-contest/tree/main/protocols/USDe/contracts)
Which chains and/or networks will the code in scope be deployed to?
Unichain
Where do you suspect there may be bugs?
- In the way payouts are reported to ConditionalTokens
- In Reality state management: we need to make sure our questions don’t get stuck
- In handling unknown ERC20 tokens as part of ConditionalScalarMarket functions
- State management (reentrancy…) in the factory and in ConditionalScalarMarket
What external dependencies are there?
- RealityETH v3
- ConditionalTokens
- Wrapped1155Factory
Where might Security Researchers confuse out-of-scope code to be in-scope?
All of the dependencies listed above, plus any ERC20 tokens that might be used as collateral input: these are all out of scope, but they need to be understood in great detail.
Are there any unusual points about your protocol that may confuse Security Researchers?
It makes use of conditional tokens, which are not straightforward to understand.
Which chains?
Deployment is planned on Unichain mainnet as soon as available. Other EVM deployments can happen in the future.
What external contracts (dependencies) is this project relying on?
There are two main dependencies: ConditionalTokens and RealityETH.
ConditionalTokens is a contract produced by Gnosis. Butter is planning to deploy identical versions to Unichain mainnet (see the ConditionalTokens and Wrapped1155Factory repositories). These contracts reuse an exact version that has already been audited, with no changes to the Solidity version. However, they are not included in the scope of this Audit Competition.
RealityETH version 3.0 is used. It is expected that the Arbitrator used is Kleros. Kleros might require some arbitration fee (see here).
Previous Audits
Butter’s completed audit reports can be found at https://github.com/immunefi-team/audit-comp-butter-cfm-v1/tree/main/audits. Any unfixed vulnerabilities mentioned in these reports are not eligible for a reward.
Manipulation of governance voting result deviating from voted outcome and resulting in a direct change from intended effect of original results
Permanent freezing of funds
Protocol insolvency
Theft of unclaimed yield
Permanent freezing of unclaimed yield
Temporary freezing of funds for at least 1 hour
Unbounded gas consumption
Block stuffing
Smart contract unable to operate due to lack of token funds
Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Theft of gas
Temporary freezing of funds for at least 10 minutes
Out of scope
Smart Contract specific
- Incorrect data supplied by third party oracles
- Not to exclude oracle manipulation/flash loan attacks
- Impacts requiring basic economic and governance attacks (e.g. 51% attack)
- Lack of liquidity impacts
- Impacts from Sybil attacks
- Impacts involving centralization risks
All categories
- Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
- Impacts caused by attacks requiring access to leaked keys/credentials
- Impacts caused by attacks requiring access to privileged addresses (including, but not limited to: governance and strategist contracts) without additional modifications to the privileges attributed
- Impacts relying on attacks involving the depegging of an external stablecoin where the attacker does not directly cause the depegging due to a bug in code
- Mentions of secrets, access tokens, API keys, private keys, etc. in Github will be considered out of scope without proof that they are in-use in production
- Best practice recommendations
- Feature requests
- Impacts on test files and configuration files unless stated otherwise in the bug bounty program
- Impacts requiring phishing or other social engineering attacks against project's employees and/or customers