DAI payout (26/07/2022-25/08/2022) - luzzifoss

As per the original worker proposal’s terms (visible here) I’m asking for 9000 xDAI in total to be sent to DevX’s wallet (DevX.eth).

Proof of work


On Swapr I’ve deployed the core and periperhy contracts and added support for the Arbitrum Nitro testnet on both the SDK, the dapp, and added the new contract addresses to the core and periphery libraries.

Additionally, I’ve reviewed the implementation of the new protocol fee split feature on the fee receiver smart contract. It was a pretty comprehensive review, that anyone can see here.

I’ve also reveiewed the Hardhat migration of the periphery contracts here.

Aaaand I’ve reviewed the implementation of the new swap relayerc smart contract here.

In the month of August we also saw a hack of the fee receiver contract. I was quickly called in the war room and I was able to identify exactly how the exploit worked, which is nice. I’ve build a reproduction of how the hacker manager to steal the protocol fees here right after, with comprehensive comments explaining step by step what’s happening.


It was a busy month for Carrot because the preliminary audit report from Sigma Prime came back. I’d say overall it was pretty good with 3 mediums, 1 low and 7 informationals. No critical nor high vulns were found, which is always nice. Most of the month was then dedicated to addressing the preliminary report, working towards a final report from Sigma.

On the v1 contracts I have:

  • Added the minimum payout, lower and higher bound to the oracle creation script, allowing to create test ERC20 KPI tokens in a better, more complete way.
  • Remove an extra unchecked, addressing an issue in the audit report.
  • Updated the Foundry config file after a Foundry update.
  • Added gas snapshots to gitignore.
  • Added a bunch of minor gas optimizations.
  • Fixed a couple typos in both code and natspec doc.
  • Removed a pointless initialization check in the finalize function of the ERC20 KPI token.
  • Optimized storage layout a bit so that all collateral-related functions are a bit more cheap gas-wise (recoverERC20, registerPostFinalizationCollateralAmounts, collectCollateralsAndFees, redeem and others).
  • Slightly changed events structure.
  • Removed unused Solidity errors.
  • Removed some redundant checks.
  • Slightly optimized gas usage when emitting event on ERC20 token initialization.
  • Implemented a unified base template manager contract to avoid code duplication as much as possible. The base templates manager implements shared functions such as addTemplate, removeTemplate, upgradeTemplate, updateTemplateSpecification, template view function, and others. Each specific manager (KPI tokens and oracle) will then inherit from this base contract.
  • Reviewed the code/dir structure to account for different template manager versions. Each template manager will be immutable, but it’s possible to update them to different versions by setting them in the factory contract. A bit like what Uniswap does with its router, which is immutable, but supports updated deployments.
  • Fixed the remove template logic in the base manager after the audit showed an issue.
  • Improved the documentation on the base template manager enumerate function to make it clear exactly what it does (addresses audit point).
  • Updated the Reality.eth oracle to exclusively work with Reality.eth v3 (resultForOnceSettled support) and avoiding unsafe typecasting in the process (addresses audit point).
  • After all the previous changes, updated the deploy script to actually work again.
  • Added a value check when instantiating oracles in the ERC20 KPI token contract, making sure that the total value that needs to be sent to oracles is actually matches by the value sent along with the tx.
  • Deployed the whole contract suite to Goerli, abandoning Rinkeby.

Proof here.

On the alpha frontend I have:

  • Removed the previous featured campaigns
  • Added new campaigns,
  • Prepared the release of the new versions with the newly featured campaigns.

Proof here.

On the core SDK I have updated the IPFS gateway after issues with campaigns loading. The new version was included in the latest releases. Proof here.

On the v1 SDK I have implemented major changes in structure and functionality (also added Goerli support). Proof here.