Shadow Arena #013: Tapioca DAO (Full Contest)

Tapioca DAO is a Liquity-inspired CDP shipped inside a cross-chain stack: BigBang mints USDO against ETH (and later non-ETH) collateral, Singularity is a Compound-style isolated lending pair sitting next door, YieldBox is the share-based strategy layer underneath both, and TOFT is the LayerZero-based Omnichain Fungible Token system that lets users move collateral and debt between chains. Code4rena ran the audit in July-August 2023 with 134 wardens, a $390,000 prize pool, and 13,499 SLOC across 5 sub-repos. The contest yielded 60 High + 99 Medium + 79 Low/NC findings -- the largest finding count of any Shadow Arena entry by an order of magnitude. This is the boss fight of the four Liquity-fork picks. You've built Liquity V1, you've audited Gravita's multi-collateral fork, you've audited Lybra's LSD-collateral fork. Tapioca is what happens when the same CDP primitives ship inside a 13,500-line cross-chain stack. We curated 16 findings that map directly onto the Liquity V1 mental model -- the BigBang/USDO CDP bugs, the Singularity liquidation accounting bugs, the YieldBox share-vs-amount confusion, the TOFT cross-chain symmetry breaks, and the oracle/fee pricing inconsistencies. The other 143 findings are bonus material in the linked C4 report if you want to go deeper. Note: Tapioca was exploited in October 2024 for ~$4M via a signer key compromise, an attack vector entirely separate from the 2023 audit findings. The bugs in this entry are pre-exploit, were fixed in the audited codebase, and are not in any active bug-bounty scope. Four weeks. Go.

Scope (13499 SLOC)

File	SLOC	Description
tapioca-bar-audit/	4062	BigBang CDP + Singularity isolated lending pair + Penrose coordinator + MarketERC20 share token + USDO stablecoin
tapioca-bar-audit/contracts/markets/bigBang/BigBang.sol	820	Liquity-inspired CDP: openPosition / borrow / addCollateral / liquidate. USDO is minted on borrow against ETH collateral. Reads getDebtRate() from Penrose, charges borrowOpeningFee, accrues interest via Rebase elastic/base accounting
tapioca-bar-audit/contracts/markets/Market.sol	480	Abstract market base (parent of BigBang and Singularity). _isSolvent() ICR check, computeClosingFactor() liquidation threshold, _getCallerReward() dynamic liquidation incentive, _computeMaxAndMinLTVInAsset() LTV helpers
tapioca-bar-audit/contracts/markets/MarketERC20.sol	280	Share-token base with approve/approveBorrow allowance system. _allowedBorrow modifier checks share allowance for collateral / borrow operations
tapioca-bar-audit/contracts/markets/singularity/Singularity.sol	460	Compound-style isolated lending pair. Liquidation logic in SGLLiquidation.sol, borrow in SGLBorrow.sol, collateral in SGLCollateral.sol, interest accrual in SGLCommon.sol
tapioca-bar-audit/contracts/markets/singularity/SGLLiquidation.sol	360	Singularity liquidation: _updateBorrowAndCollateralShare, _computeAssetAmountToSolvency, swap-and-repay flow via multiSwapper
tapioca-bar-audit/contracts/markets/singularity/SGLCommon.sol	200	Singularity interest accrual: _accrue, _getInterestRate, utilization formula
tapioca-bar-audit/contracts/usd0/USDO.sol	380	USDO stablecoin (Liquity's LUSD analogue). mint/burn permissioning, flashLoan() with ERC-3156 interface, peg maintenance through BigBang collateral backing
tapioca-bar-audit/contracts/Penrose.sol	520	Per-market parameter coordinator (Liquity has nothing analogous; closest cousin is the LiquityBase constants + governance addresses contract). Owns bigBangEthMarket, bigBangEthDebtRate, registerBigBang() with debtStartPoint / debtRateAgainstEthMarket
tapioca-yieldbox-audit/	1820	Yield aggregator strategy layer. ERC-1155 share token for tokenized strategy positions. _toAmount/_toShare conversion (this is where the share-vs-amount confusion in BigBang/Singularity stems from)
tapioca-yieldbox-audit/contracts/YieldBoxRebase.sol	110	Rebase math: 1 amount/1e8 shares pre-burned to prevent first-depositor inflation. toAmount/toShare conversions used throughout BigBang and Singularity
tapioca-toft-audit/	3210	tapiocaz / Omnichain Fungible Token (LayerZero OFTV2). TapiocaOFT wraps an ERC20 or native token; mTapiocaOFT is the mirror on remote chains. exerciseOption, removeCollateral, sendForLeverage, retrieveFromStrategy all bridge BigBang/Singularity operations cross-chain
tapioca-toft-audit/contracts/tOFT/BaseTOFT.sol	580	Cross-chain operation router: exerciseOption, removeCollateral, retrieveFromStrategy, sendForLeverage. These are the host-chain entry points; receive() side lives in modules/
tapioca-tap-token-audit/	2410	TAP governance/value-accrual token + TapiocaOptionBroker + twAML weighted-average-magnitude-lock pool + oTAP option NFTs + twTAP reward distributor
tapioca-tap-token-audit/contracts/options/TapiocaOptionBroker.sol	380	twAML pool: participate() mints oTAP NFT and adds weight to pool.cumulative + pool.averageMagnitude. exitPosition() removes weight when the lock expires. The accumulator is structurally similar to Liquity's LQTYStaking F_ETH / F_LUSD
tapioca-periph-audit/	1697	Periphery: Magnetar V2 batched-action router, oracle adapters (Seer, ARBTriCryptoOracle, OracleMulti), swapper interfaces. Magnetar is what users call from a frontend; it composes BigBang + Singularity + TOFT + YieldBox calls
tapioca-periph-audit/contracts/Magnetar/MagnetarV2.sol	420	Batched router with burst() entry point. Composes mintFromBBAndLendOnSGL, exitPositionAndRemoveCollateral, multiHopBuyCollateral, multiHopSellCollateral

Documentation

Source Code Protocol Docs

Part of the Liquity V1 Path

This shadow audit connects to the Liquity V1 Build module. Students who built the CDP protocol have an advantage because they understand Trove accounting, Stability Pool P/S decay, redistribution liquidations, and redemption-driven peg mechanics.

View Build Module

Duration28 days

Total Findings16

Scope13499 SLOC

PriceFree