Royco | Ethereum | available

[yvesbou]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
defiscan	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 3, 2025 6:41am

[alexandre-mrt]

Hey @yvesbou ,
I will take that case, should be finished end of next week.

[yvesbou]

@alexandre-mrt thank you for your interest in DeFi Scan and writing a report! We're looking forward to your findings.

[emduc]

Hi @alexandre-mrt, Thanks for taking on this review

Here you can find an excalidraw where you can make a diagram of the protocol that could be included in the review. We try to have diagrams to show and explain the contract interactions in every new review. You can have a look at compound-v3 as an example.

https://link.excalidraw.com/l/9pt8PDVB43r/boUxLaHuDl

[yvesbou]

hey @alexandre-mrt how are you doing with the report? do you need some help?

[yvesbou]

please submit a draft (does not have to be 100%) by Thursday otherwise we mark this as available @alexandre-mrt

[Aabdullahi015]

I'm interested in writing this review. I'd love to contribute to Defiscan, too!

[yvesbou]

sure thing @Aabdullahi015

You have two weeks time to submit a first draft (until 18.06).
If you have questions, we cant stress enough that all questions are encouraged!

I've updated the template to the latest version just now. Go through the contracts table, run them with the permission scanner. Fill out the permission table with the functions that are restricted/permissioned. While doing that, figure out the smart contract architecture, draw a diagram showing key user interactions + permissioned function calls. This should help contextualise the report and the mentioned contracts and permissions.

The ratings section should name concrete centralization vectors (upgrading, stealing funds, withholding fees/incentives etc.). The protocol analysis section should explain the diagram(s) and can be more technical, mention concrete functions etc.

The permission table (contract | function | impact | owner) should also be technical.

Regarding autonomy/dependency, this is for assessing the risk of dependencies that could break and what's the effect on the studied defi protocol (in this case euler v2). Dependencies are strictly outside, so a multisig of the team is not considered for the category of dependency. For a borrow lending platform, price oracles are the obvious dependency that have centralizing effect on their autonomy

Generally, when speaking about risk:

high risk -> users can suffer loss of deposited funds
medium risk -> users can suffer loss of unclaimed yield or temporary loss of funds
low risk -> users are confronted with drastic performance changes, like excessive fees etc.

all these risks are induced through
either malicious/faulty upgrade or dependency failure/manipulation

[yvesbou]

Hi @Aabdullahi015 mind the deadline is tomorrow. Can you please report on the progress?

[Aabdullahi015]

I apologize for missing the deadline — I encountered technical issues with my permission scanner setup that necessitated reinstalling my operating system due to Python dependency conflicts. I’m still refining the draft to ensure it meets DefiScan’s standards. I respectfully request a four-day extension to submit a complete and high-quality review.

[yvesbou]

Hi @Aabdullahi015
Can you show us your work in progress?

[yvesbou]

This bounty is available again.

[eliasbourgon]

Hi,
I’d be happy to take on this review.

[yvesbou]

@eliasbourgon please take sth else - I just checked and it seems that the TVL of royco completely collapsed, so royco is not justified for a bounty anymore

[eliasbourgon]

ok thanks, is there something else ?