Maple is back in the Code4rena for a smart contract audit contest

Maple is excited to be back in the Code4rena, this time to discover bugs and threats to our new smart contracts. The new smart contracts include updates to fee structures, refinancing capabilities and structures.

Security is Maple’s top priority, and we recently earned an impressive 92% in a Process Quality Review from DeFi Safety indicating how closely our security, testing, auditing, validity processes and documentation follow best-practice. Committed to safety, we call on all developers and hackers to become wardens of the Maple code and win their share of the $50,000 USDC prize pool.

The contest is set to discover threats and vulnerabilities across 5 core areas:

• Locked funds: Ensure that there is no way for funds to get locked in the xMPL, Migrator or Loan smart contracts.
• Stolen funds: Ensure that any funds held custody by contracts cannot be maliciously withdrawn.
• Invariants: Ensure that all invariants outlined in the xMPL and RDT repos are upheld.
• Accounting exploitation: Ensure that no users can exploit or manipulate accounting to their favor.
• Refinancing: Ensure that the Refinancer contract cannot be used maliciously to exploit the Loan.

Contest starts March 17, 2022 00:00 UTC and runs until March 21, 2022 23:59 UTC. Learn more, and get involved.

What’s in the new smart contracts release?

The new smart contract release updates the original v2.0.0 release, with the following changes:

• Updates fee structure to move from an upfront establishment fee to an ongoing fee that is paid on every payment.
• Updates the refinancing capabilities to include a refinance deadline as well as the ability to reject refinance terms.
• Adds unpaid interest to the subsequent payment after a refinance.

The difference of the code can be found here, which contains all code that is in scope for the audit: https://github.com/maplelabs/loan/compare/v2.0.0...v3.0.0-beta.1

More information on Code4rena

Code4rena takes a community-driven approach to auditing with valuable incentives that ensures enough coverage to give sponsors a meaningful and valuable audit without putting the burden on any one person to do a ’good enough job’ catching every bug — a burden that burns out traditional auditors.

The players in the arena are:

• Wardens: Protect the DeFi ecosystem from threats by auditing code.
• Sponsors: Create prize pools to attract wardens to audit their project.
• Judges: Allocate awards to wardens based on performance.

C4’s audit contests are different to bug bounty contests and use a unique Incentive Model and Awards structure. To incentivize wardens, C4 uses a unique scoring system with two primary goals: reward contestants for finding unique bugs and also to make the contest resistant to Sybil attack. A secondary goal of the scoring system is to encourage contestants to form teams and collaborate.