dForce Admin Multi-sig Administration Addresses Name address link Signer A 0x5eDd0C6037f6F30974E53f5C829073fF8b356fB9 link

Vulnerability details function delegateBySig doesn't cover case when delegatee = address(0), malicious users can lock other user's NFT(funds). The delegateBySig() function does not validate the delegatee address. when call delegateBySig(delegatee=address(0)), the delegatee is still self, but user checkpoints.votes will be reduced. it will cause the NFT(funds) of the user being delegate to be locked, can no set other delegatee or NFT transfer https://etherscan.io/address/0x6050B7040cF4Ae3e60c3c1A5d0367B565a1460C1#writeContract

Mainnet Name totalMint Cap Address MSDController - - 0x45677a101D70E9910C418D9426bC6c5874CE2Fd7

Mainnet address link multisig 0x145c79A1F0e1Ad5ad7fC8d99548a02A07B24F8FD link proxyAdmin

To create a Liquidity-Swap facility for USX-DF, which enables the protocol to swap its protocol-minted USX for DF liquidity in the market. Mainnet LiquiditySwap(CurvePrice(USDC) Pulsar sDF) Contract Name Contract Address Link implementation 0xe45242483CDC310dE7BEF3cDB8545aB1aF31eB43

LSR Ethereum Contract address Contract Name Contract Address Link LSRFactory 0xf56F6349B1b57E96c65a79Fc782A046F44b8f0DE link

Assets Contracts msd controller 0x45677a101D70E9910C418D9426bC6c5874CE2Fd7 link fixed interest model 0x22961D0Ba5150f97AE0F3248b4c415875cBf42d5 link

Farm-Liquidity API：https://beta.dforce.network/staking/getRoiAllChain Update-2023-08-18 Network Venue Type Pools Reward

ABI All abi can be found in https://github.com/dforce-network/Oracle/tree/dev/abi Contract ABI Oracle Oracle.json Oracle Mainnet

Notice: Gas consumption Library version (To verify later) Steps: Cooperate with product team to confirm features and design implementation Implementation + Verify Formal Verification + Audit Testnet Launch + Bounty Programs Mainnet Alpha Launch

USX DEX Volume 24H交易量、24H新增用户数、24H交易笔数 累计交易量、累计用户数、累计交易笔数 网络 DEX Pair Address

Feature Requirement 1. Liquidity Management Measure user's liquidity position, eg: generate one NFT for each user's pool, calculate "liquidity" just like Uniswap V3 does to measure user's deposits and real-time value of the pool. Therefor, third-parties can build further features and derivatives on top of those liquidity positions, just like they do with cToken, LP tokens. Handle multiple users in the same pool to avoid liquidity fragments, eg: manage assets in one pool of multiple users with the same strategy, like in Uniswap V3, assets of USDC/USDT pool from multiple users with the same fee will goes to the same place(the same contract). Adopt EIP-3525 if possible, facilitate NFT partial transfer. 2. Multiple Router Support ERC20 router, support USX in the future.

Bounty Program on Testnet Target The bug bounty program is focused around smart contracts of AMM and is mostly concerned with issues stated in the "Impacts and Level" section. All bug reports must come with a PoC in order to be considered for a reward, bug reports without a PoC will be rejected. Critical vulnerabilities for smart contracts are further defined by the following conditions. All need to be met in order to get the classification of critical. Allow attacker(s) to take away collateral tokens for at least 10% in dollar value of collateral tokens from the system. Are applied to a real situation and triggered through an attack vector rather than theory or hypothesis.

ArbitrumOne (09-01) Contracts Addresses Link Multisig 0x9d82033BB36217B44567edC635bE926f74D1b76f link proxyAdmin

Chains Onboard Criterions Chains Review Testnet Before Launch Open Source After Launch Bug Bounty Lists Date Name

optimism -- [x] reward treasury: 0x7B598182875Df02236eEa8a3e264f9376511D5ad [x] lsr(stable): 0x55316C01E396692367E153819c2F504399fb81e0 vaults -- [x] oracle: 0x2b575CFE387667b0A0B59Ca5Dd877A387D8Cbd2B [x] AggregatorProxy: 0xC9d1cbc45dd3e86E98067B7eb279C13F7B77C627 [x] LPCurveGaugeAggregatorModel: 0xa3ffff751dB57b30aabb847d8f3d70C5567Ffe11 [x] iTokenAggregatorModel: 0x8386145Dd223D7F23a14490079D40627B252eeA4 [x] Treasury: 0xC462fF1063172BAC6f6823A17ED181a0586f0FC8

Ethereum Addresses address link Timelock 0xCFa40e4Bbab7dEE43f9C6f94d331703270AF1322 link DF

Ethereum @Mar. 10 implementation Contract Name Contract Address Link ControllerMiniPool impl 0x41dcDb725353FF64A131F76DE32c06D6531b46b2 Link

Contract address veDF Contract Name Contract Address Link StakedDF 0x41602ccf9b1F63ea1d0Ab0F0A1D2F4fd0da53f60 link

Optimistic (11-26) Contracts Addresses Link MultiSig 0xebAA48d1C4129E93A1d286B01B56cc4981c30004 link Timelock