Skip to content
This repository has been archived by the owner on Nov 27, 2024. It is now read-only.

Commit

Permalink
add audit report
Browse files Browse the repository at this point in the history
  • Loading branch information
@AustinGreen
AustinGreen committed Jan 5, 2024
1 parent ecea4e4 commit f6a3bbd
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 9 deletions.
16 changes: 8 additions & 8 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ We've received three audits from Spearbit and one from Code4rena. You can find l
- [Llama Spearbit Audit (June 2023)](https://github.com/llamaxyz/llama/blob/main/audits/Llama-Spearbit-Audit.pdf)
- [Llama Code4rena Audit](https://github.com/llamaxyz/llama/blob/main/audits/Llama-Code4rena-Audit.md)
- [Llama Spearbit Audit (August 2023)](https://github.com/llamaxyz/llama/blob/main/audits/Llama-Spearbit-Audit-2.pdf)
- Llama v1.1.0 Spearbit Audit (report coming soon)
- [Llama v1.1.0 Spearbit Audit (January 2024)](https://github.com/llamaxyz/llama/blob/main/audits/Llama-Spearbit-Audit-3.pdf)

### Bug bounty program

Expand All @@ -132,14 +132,14 @@ Llama policyholders are trusted participants of a Llama instance based on what t

We adapted the [Immunefi Vulnerability Severity Classification System](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-3/) to determine classification.

| **Level** | **Example** | **Maximum Bug Bounty** |
| ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| 5. Critical | - Unauthorized action state transitions<br>- Major manipulation of approval or disapproval results<br>- Vulnerabilities in the roles and permissions system that result in unauthorized ability to create, approve, or disapprove actions<br>- Permanent freezing of funds in accounts | Up to 100,000 USDC |
| **Level** | **Example** | **Maximum Bug Bounty** |
| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| 5. Critical | - Unauthorized action state transitions<br>- Major manipulation of approval or disapproval results<br>- Vulnerabilities in the roles and permissions system that result in unauthorized ability to create, approve, or disapprove actions<br>- Permanent freezing of funds in accounts | Up to 100,000 USDC |
| 4. High | - Minor manipulation of approval or disapproval results that are unlikely to affect outcomes<br>- Minor vulnerabilities in the roles and permissions system that are unlikely to affect outcomes<br>- Temporary freezing of funds in accounts | Up to 20,000 USDC |
| 3. Medium | - Griefing that disrupts an instance's action flow | Up to 5,000 USDC |
| 2. Low | - Contract fails to deliver promised returns, but doesn't lose value | Up to 1,000 USDC |
| 1. None | - Best practices | |
| Not sure? | | Email us |
| 3. Medium | - Griefing that disrupts an instance's action flow | Up to 5,000 USDC |
| 2. Low | - Contract fails to deliver promised returns, but doesn't lose value | Up to 1,000 USDC |
| 1. None | - Best practices | |
| Not sure? | | Email us |

Email us at [[email protected]](mailto:[email protected]) to get in contact.

Expand Down
Binary file added audits/Llama-Spearbit-Audit-3.pdf
View file
Binary file not shown.
2 changes: 1 addition & 1 deletion docs/actions.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ Actions are composed of the following parameters:

## Key Concepts

- Llama Instance: The unique `LlamaCore`,`LlamaPolicy`, and `LlamaExecutor` addresses for a deployment.
- Llama Instance: The unique `LlamaCore`, `LlamaPolicy`, and `LlamaExecutor` addresses for a deployment.
- [`LlamaCore`](https://github.com/llamaxyz/llama/blob/main/src/LlamaCore.sol): Manages the action process from creation to execution.
- Actions: Proposals made by policyholders to execute onchain transactions.
- Strategies: A contract that holds all of the logic to determine the rules and state of an action. For example, strategies determine whether or not an action is approved/disapproved, canceled, or able to be executed. They also determine details around who is allowed to cast approvals/disapprovals.
Expand Down

0 comments on commit f6a3bbd

Please sign in to comment.