PTIP-16: C4 Audit Contest

Retrospective

The C4 Auditing Contest was a big success! The auditing contest included several core contracts and yield sources contributed by the community. You can see the full scope of the audit here.

Over the past month the PoolTogether Inc. team has been working on the issues found in the C4 Contest. The competition revealed over 130 bugs and optimizations, but did not find any issues concerning the safety of user funds. Funds are SAFU! Only one major bug was discovered in our live code, which allowed users to withdraw from the pool without paying exit fees. This bug has been fixed in the builder and a patch is being deployed in PTIP-29 for older governance-managed pools.

The quality and depth of the audit was impressive; especially for such a nascent group. PoolTogether is thrilled to partner with Code 423n4 to continue growing the security community.

See the full list of issues here (will soon be public).

2 Likes