How did code4rena and the community help secure Liquidity Book?

In this Twitter space, host [Blue]( speaks with [Louis]( [Alex]( and [Vee]( to discuss how [code4rena]( and the community helped [Trader Joe]( secure the Liquidity Book development.

​

Read our notes below to learn more

​

**Louie’s role**

* Smart contract engineer of Trader Joe.

​

**Vee’s role**

* Handles growth and partnerships in code4rena.

​

**Alex’s role**

* Judge over 10 contests this year.
* Security researcher which is called Wardens.

​

**What is code4rena**

* A security auditing platform with a mission to fund as many bugs as possible and as fast as possible.
* Their unique model called competitive audits differs from traditional audits and bug bounty programs.
* Competitive audits 3 main players, the sponsors a.k.a. protocols, security researchers a.k.a. wardens and judges.
* Sponsors create a prize pool to attract wardens then wardens compete to find as many bugs as possible within a limited amount of days and independent judges assess the findings, allocate the rewards to the wardens.

​

**What is the Liquidity Book**

* Code4rena made a new system that simplifies all the flow between the actual protocol and the wardens.
* Liquidity Book is a concentrated liquidity model with novel things such as prices are constant within the bin and between each bin, the price increases or decreases depending on how the user wants to move.
* It also has a variable fee that adds some volatility measurements which mitigates the impermanent loss and the volatility of the pair the user is LP-ing into.
* Uses discretized bins that help using sequences of NFTs so instead of having every position represented by 1 NFT where users need to withdraw the entire position, they can instead withdraw a share of it.

​

**How code4rena process works**

* The most important contracts were 5 and there’s bunch of libraries, utilities and abstractions.
* The sponsor sends the report over to one person in code4rena and based on the amount of lines of codes, dependencies and how complicated the code base is, the sponsor will come up with a specific quote.
* Whatever the amount of the pot, it will always be paid out no matter what and serves as a guarantee for the wardens.
* The wardens will have a week to find as many findings as possible and based on the quality of their work, they’re going to win a portion of the pot.

​

**Thoughts on Trader Joe’s contest**

* The amount of proof of concepts in finding was extremely high which is an estimated guess of 70% that wasn’t immediately scrapped.
* It shows the synergy of the project that uses code4rena at a late stage where the $JOE team did an audit, already had high coverage and all of the report was ready to go.
* The audit was very great.

​

**Growth of code4rena**

* Its model has become really popular and more people talk and learn about it.
* Have managed to facilitate a community of security researchers where everyone can participate.

​

**How the prizes work**

* Once a sponsor has agreed to a specific pot size, that is a commitment to a specific payout and also goes in a multi-seg that is going to be paid out to the security researchers.
* The main goal of a judge is to find the correct high quality and severity findings.
* Each high severity finding is awarded 10 points.
* If somebody else has the same high severity finding, the warden will still get 10 points but it will be multiplied by an exponential factor that ends up making it worthless.
* The number of findings a warden has is multiplied by an exponential factor that punishes duplicates, then it’s just summed up and divides the pool by those awards.
* There’s a separate pool for QA and gas findings that are submitted as separate reports.

​

**Thoughts on the bear market**

* Overall, the numbers have been going up.
* Code4rena is one of the few businesses that is profitable in this space.

​

**How to get onboarded with code4rena**

* The easiest way is to join their Discord. Either people want to become a warden or a sponsor.
* The organization is flexible and the new initiative has been the private contests.
* After the sponsor performs the fixes, they can go back and have a private contest for the top 10 wardens for example to ensure everything is being properly fixed.

​

**Q&A:**

***Q: Do exploits involving logic and economics, that do not involve smart contract errors, are also being audited?***

* There are wardens that work in the economic model side of other DAOs.
* You will find a lot of economic attacks in a contest such as this.

​

***Q: How do libraries work?***

* Code4rena will group them all up, sorting by severity and by scoring the best QA and best gas report then it’s going to be turned into a report that people can check at the website which is code4rena.com/reports.

**Check out these important links**

* [Follow Revelo Intel for more notes like this](
* [Listen to the original Twitter space](

View Source

Leave a Comment