Mochi X Code4rena: $80k Audit Contest

Mochi has partnered with Code4rena for a 1-week audit contest starting TODAY.

The contest runs through 10/27, with $80k in prizes! 💰

This is not a bug bounty — the contest has guaranteed payouts for all legit findings.

For more on Code4rena and the contest, join the C4 Discord and visit the contest page.

Mochi has thrown down the gauntlet in Code4rena and is calling on all auditors.

Tell all your friends and neighborhood security researchers! 🕵️🔎

Mochi is a stablecoin protocol that puts your NFTs and long-tail assets to work as collateral while maintaining exposure to their long-term value.

Mochi team members will be available in the Code Arena Discord to answer any questions during the contest period.

The main focus will be to find bugs, logic errors, and vulnerabilities. Another important goal is to find ways to optimise ​gas costs for users interacting with the protocol.

Why Code4rena?

Code4rena’s (C4) community-driven audit contest approach adds an extra layer to our efforts to protect users from risks and helps secure the Mochi protocol in a unique and innovative way.

C4’s ecosystem has the following components:

  • Wardens: The auditors who continuously test the protocol code to hunt for vulnerabilities.
  • Sponsors: The protocol team that puts up their contracts for audits. They are responsible for creating the prize pools.
  • Judges: They allocate awards to the Wardens based on their performance.

Mochi Code4rena Details

  • Start: October 21, 2021, 00:00 UTC.
  • Ends: October 27, 2021, 23:59 UTC.
  • Main award pot: $70,000 of ETH
  • Gas optimization pot: $10,000 of ETH
  • Registration: Join C4 discord.
  • Submit findings: Use the C4 form.
  • Read guidelines here.

The two classes of smart contracts you will be auditing are:

  • Core
  • CSSR


  • MochiEngine.sol: The contract where all the contracts are connected. Contract addresses are registered and modified through governance.
  • NoDiscountProfile.sol: The contract will be giving out discount info when Mochi has the discount event scheduled.
  • Usdm.sol: This represents stable coin(ERC20) minted while borrowing through `MochiVault`. Flash minting is supported. Minting can only be executed through “USDMMinter.
  • USDMMinter.sol: USDM can only be minted through this contract. Initially, any vault deployed through MochiVaultFactory can execute the mint function.
  • MochiNFT.sol: Every NFT represents a position of debt. When users deposit/withdraw/borrow/repay through MochiVault, it means the action occurs in position. Every action of MochiVault requires an NFT position. NFT minting should only be able through MochiVault deployed through MochiVaultFactory.
  • MochiVault.sol: Vault is deployed per asset(ex. USDC, DAI, YFI, WETH, etc.). And every vault is a minimal beacon proxy deployed through MochiVaultFactory to reduce deployment costs.
  • MochiVaultFactory.sol: This is the contract that deploys a minimal beacon proxy that uses MochiVault as a template.
  • DutchAuctionLiquidator.sol: This is the contract that can call the liquidate function for vaults. DutchAuctionLiquidator has two steps for liquidation. (1) trigger (2) settle. (1) trigger will start the dutch auction for liquidation, (2) settle will be done through buying out the dutch auction.


Via the CSSR contract, Mochi can use most tokens with appropriate liquidity on DEXes to mint the USDM stablecoin. The CSSR is composed of 3 parts:

  • Router: Routes request to appropriate adapter/source to get the price.
  • Adapter: A data processing unit that’s used to convert the price for a certain token. (Eg. The UniswapV2LPAdapter is used to calculate UNI V2 LP token price).
  • Source: The data source for getting the token price (Eg. Uniswap V2 CSSR, SushiSwap V2 CSSR).

About Code4rena

Code4rena aims to improve user security in the DeFi ecosystem, encouraging a more thorough auditing process by economically incentivizing a swarm of auditors. The C4 audit contests have been designed to be a complementary addition to DeFi security practices and aim to help make protocol security coverage faster, more efficient, and more rigorous.

Discord | Guidelines | Contest | Form

About Mochi

Mochi puts your NFTs and long-tail assets to work as collateral while maintaining exposure to their long-term value. An autonomously governed protocol, Mochi bridges the gap between NFTs and DeFi to pioneer a new way to maximize the utility of emerging digital assets.

Twitter | Discord | Telegram | Whitepaper | Website




Autonomously Governed Decentralized Stable Currency Protocol Fully-Backed by Long-Tail and Yield-Bearing Asset Markets

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Week 72 with EPNS

Is there any Cyber security threats management legislation exists in Pakistan?

{UPDATE} Penguin Diner Dash Hack Free Resources Generator

6 Reasons to select IP CCTV Solution for Business

Must-Have Encryption Software to Protect Your Data in Case of a Device Loss or Theft

Which one is more private VPN or Private Browsing

Nullbyte-1: Vulnhub Walkthrough

Do you care about your Cyber security?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mochi Finance

Mochi Finance

Autonomously Governed Decentralized Stable Currency Protocol Fully-Backed by Long-Tail and Yield-Bearing Asset Markets

More from Medium

How to Mint a Fantom Wizard

Knottscary Farm

Introducing Cryptobanks: