# 代码审计需求评估 ###### tags: `External` ### 审计代码范围 - primitives - https://github.com/bifrost-finance/bifrost/tree/v0.9.2-audit/node/primitives/src/currency.rs - 简要描述：Bifrost链上基础资产CurrencyId的组成、格式及方法的定义。 - It defines the composition, format and methods of the CurrencyIds on the Bifrost chain. - 注意事项：因业务需求，资产需要在不同格式之间转换。可关注资产转换的正确性及覆盖性。 - Note: According to business requirements, assets need to be converted between different formats. Pay attention to the correctness and coverage of assets conversion. - ~~runtime (不审计)~~ - ~~https://github.com/bifrost-finance/bifrost/blob/v0.9.2-audit/runtime/bifrost/src/lib.rs~~ - ~~简要描述：将Substrate底层基础模块及Bifrost的各业务组成模块整合在一起的地方。~~ - ~~The place where the underlying basic modules of Substrate and the various business components of Bifrost are integrated.~~ - ~~xcm (不审计)~~ - ~~https://github.com/bifrost-finance/bifrost/tree/v0.9.2-audit/xcm-support/~~ - ~~简要描述: 公共类库接口，封装了一些跨链操作的接口,类型和实现.~~ 具体功能: - flexible-fee - https://github.com/bifrost-finance/bifrost/blob/v0.9.2-audit/pallets/flexible-fee/src/fee_dealer.rs - https://github.com/bifrost-finance/bifrost/blob/v0.9.2-audit/pallets/flexible-fee/src/lib.rs - https://github.com/bifrost-finance/bifrost/blob/v0.9.2-audit/pallets/flexible-fee/src/misc_fees.rs - 简要描述：控制Bifrost链上如何收取交易交易手续费的模块。上线初期，由于用户手上BNC不多且不能转账，若BNC数量不够扣费，我们将按固定的比例收取相应的KSM做手续费。后期会按Bifrost支持列表中的多币种转换方案收取手续费。 - The module that controls how transaction fees are charged on the Bifrost chain. In the initial launch stage, because users have few BNCs and cannot transfer funds, if the number of BNCs is not enough to deduct the fee, certain amount of KSM will be charged as fee. Later on, multi-currency fee plan will be carreid out. - 注意事项：用户如果扣费后剩余币数不能达到尘埃账户最低要求(Native token和非Native token)，是否会产生问题。 - Note: If the user's remaining tokens cannot meet the minimum requirements of account existence (both Native token and non-Native token) after the fee is deducted, will it cause problems? - 具体功能: 参考 https://hackmd.io/SS7b4u7FRAmFH7Nc-vnoag - For more information, please refer to https://hackmd.io/SS7b4u7FRAmFH7Nc-vnoag - vsbond-auction - https://github.com/bifrost-finance/bifrost/blob/v0.9.2-audit/pallets/vsbond-auction/src/lib.rs - 简要描述: 提供`vsbond`的交易功能, 目前仅支持创建`vsbond`卖单(用户只能创建单据来出售`vsbond`, 不能创建单据来求购`vsbond`). - The pallet supports the trading functions of `vsbond`. Users can create sell orders by `create_order`; Or buy the sell orders by `clinch_order`, `partial_clinch_order`. NOTE: Pallet does not support users creating buy orders by now. - 具体功能: 参考 https://hackmd.io/hMzYicmZTcqFsKvPGUXGaA - for more information: https://hackmd.io/hMzYicmZTcqFsKvPGUXGaA - salp - https://github.com/bifrost-finance/bifrost/blob/v0.9.2-audit/pallets/salp/src/lib.rs - 简要描述: 实现SALP协议(帮助客户在平行链竞拍时筹集流动性)的模块. - The pallet implements the functions of salp. - 具体功能: 参考 https://hackmd.io/vfjs0inPTeec4alCvnEJhA - for more information: https://hackmd.io/vfjs0inPTeec4alCvnEJhA - liquidity-mining - https://github.com/bifrost-finance/bifrost/blob/v0.9.2-audit/pallets/liquidity-mining/src/lib.rs - 简要描述: 支持Bifrost创建/运行/结束一个矿池. - 矿池种类: - mining矿池: 支持质押流动性对代币(LMToken) - farming矿池: 支持质押vsToken与vsBond - eb_farming矿池(early-bird farming): 支持质押reserved状态的vsToken与vsBond. - Give Bifrost the ability to create/run/end a mining pool. - Types of mining pool: - mining: Only liquidity-pair token(LMToken) be permitted to deposit. - farming: Only vsToken(free) and vsBond(free) be permitted to deposit. - eb_farming(early-bird farming): Only vsToken(reserved) and vsBond(reserved) be permitted to deposit. - 具体功能: 参考 https://hackmd.io/desYAYDMRpafCy6Ue5tjAQ - for more information: https://hackmd.io/desYAYDMRpafCy6Ue5tjAQ - ~~lightning-redeem (不审计)~~ - ~~https://github.com/bifrost-finance/bifrost/tree/develop/pallets/lightning-redeem~~ - ~~简要描述：业务上线时释放Bifrost竞拍Kusama卡槽时所保留的KSM，用于提供的vsksm和vsbond初始流动性。~~ - ~~This pallet will release for exchange the KSM kept by Bifrost from the time of its bidding on the Kusama parachain slot, to provide the initial liquidity of vsksm and vsbond at the beginning of the vsToken business going live.~~ - ~~具体功能：参考 https://hackmd.io/cbwS8hWRQumQ-Hz3q7uxkg?view~~ - zenlink - https://github.com/zenlinkpro/Zenlink-DEX-Module/tree/bifrost - 简要描述：为Bifrost提供成对币种交易的场所。Zenlink本身目标是将各个使用了Zenlink服务的平行链的交易宽度和深度打通，但目前Bifrost仅使用了Zenlink的本地交易功能，尚未启动其跨链功能。 - Provide functionalities for token pair trading. Zenlink itself aims to fuse all the transaction width and depth of token pairs together from parachains that uses Zenlink services. However, Bifrost only uses Zenlink's local transaction function currently and has not yet activated its cross-chain function. - 注意事项： - 前期Bifrost仅用Zenlink交易池作为flexible fee的兑换场所。由于Bifrost没有提供路由的选择服务，交易仅会以固定路由执行。上线时Bifrost会提前建好稳定币KUSD与Bifrost支持的所有币种之间的交易池。 - In the early stage, Bifrost will only use Zenlink as a flexible fee exchange venue. Since Bifrost does not provide routing services, transactions will only be executed on a predefined route. Later on, Bifrost will build trading pools between the stable currency KUSD and each currency supported by Bifrost in advance. - repo中的审计范围的内容： - Audit scope for the Zenlink repo: - 整个zenlink-protocol文件夹，不含example, images文件夹 - The entire zenlink-protocol folder, excluding example and images folders - zenlink-protocol文件夹中，要排除以下跨链相关部分： - In the zenlink-protocol folder, the following cross-chain related parts should be excluded: - zenlink-protocol.src.transactor - Zenlink-protocol.src.transfer.mod.rs 文件 - Zenlink-protocol.src.lib.rs中的transfer_to_parachain()函数 - bootstrap: https://github.com/zenlinkpro/Zenlink-DEX-Module/pull/1