eStorm

We express our gratitude to the eStorm team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

E-STORM plugin-algebra is a plugin system built on top of the Algebra Integral DEX protocol that introduces fungible ERC-20 LP tokens as representations of concentrated liquidity positions.

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

• Functional requirements are partially missed.

• Technical description is not provided.

Code quality

• The development environment is configured.

Test coverage

Code coverage of the project is 93% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• The current tests cover the majority of scenarios, with a small number of edge cases remaining.

• Interactions by several users are tested thoroughly.

E-STORM plugin-algebra is a plugin system built on top of the Algebra Integral DEX protocol that introduces fungible ERC-20 LP tokens as representations of concentrated liquidity positions. Instead of requiring users to hold non-fungible position NFTs (as is standard in concentrated liquidity DEXs), the plugin allows multiple users to pool liquidity into shared tick ranges and receive proportional, fungible LP tokens in return.

When a user deposits liquidity into a specific tick range (either directly via the callback contract or by transferring an existing Algebra NFT position), the plugin mints LP tokens proportional to the value contributed relative to the existing position. LP token amounts for the first depositor in a given tick range are set to a fixed initial amount; subsequent depositors receive tokens proportional to the ratio of their deposit value to the pre-existing position value, both denominated in token1 terms using the current pool price. Withdrawals burn LP tokens and return a proportional share of the underlying liquidity plus accrued fees.

The plugin also intercepts swaps on the associated Algebra pool to apply a configurable plugin fee (expressed in parts per million) on top of the pool's base swap fee. Collected plugin fees accumulate in the plugin contract and can be withdrawn by the factory owner.

The system is deployed through a factory pattern: the LPPluginFactory owner creates custom Algebra pools and deploys LPPlugin instances bound to those pools. Each plugin deploys its own LPCallback helper for minting positions and creates LPToken ERC-20 contracts on demand via the LPTokenFactory for each unique tick range.

Files in scope

• LPPlugin.sol - Core plugin contract that hooks into Algebra pool lifecycle events (position modifications, swaps). Manages the mapping of tick ranges to fungible LP tokens, handles LP token minting/burning proportional to deposited value, processes NFT-to-LP-token conversions via onERC721Received, computes position values, and applies a configurable plugin fee on swaps.

• LPPluginFactory.sol - Ownable factory contract that deploys LPPlugin instances, creates custom Algebra pools via the entry point, and provides owner-gated administrative functions to configure pool parameters (tick spacing, plugin address, plugin config, fees) and manage plugin fee collection and rates.

• LPCallback.sol - Helper contract deployed per-plugin that executes mint calls on the Algebra pool on behalf of the plugin. Implements the algebraMintCallback to transfer tokens from the payer to the pool, supporting native token wrapping and transferFrom-based payments.

• LPToken.sol - Standard ERC-20 token with owner-restricted mint and burn functions. Each instance represents shares of a specific tick-range liquidity position. Ownership is transferred to the calling LPPlugin upon creation.

• LPTokenFactory.sol - Stateless factory that deploys new LPToken instances and transfers their ownership to the caller (LPPlugin).

• CallbackStructs.sol - Library defining the MintCallbackData struct used to pass pool key and payer information through Algebra's mint callback mechanism.

• ILPCallback.sol - Interface for the LPCallback contract, extending IAlgebraMintCallback with a mint function signature.

• ILPPluginFactory.sol - Interface for the LPPluginFactory, exposing deploy, WNativeToken, and lpTokenFactory accessors.

• ILPToken.sol - Interface for LPToken, extending IERC20 with mint, burn, and transferOwnership functions.

• ILPTokenFactory.sol - Interface for LPTokenFactory, exposing the create function.

Privileged roles

LPPluginFactory.sol:

• owner (OpenZeppelin Ownable): Has full administrative control over the system. Can:

• • Deploy new LPPlugin instances via deploy.

  • Create custom Algebra pools via the inherited createCustomPool.

  • Set tick spacing on any managed pool via setTickSpacing.

  • Replace the plugin address on any managed pool via setPlugin.

  • Reconfigure plugin hook flags on any managed pool via setPluginConfig.

  • Set the base swap fee on any managed pool via setFee.

  • Collect accumulated plugin fees from any plugin via collectFee.

  • Update the plugin fee rate on any plugin via setPluginFeeRate.

  • Transfer ownership or renounce ownership (inherited from Ownable).

LPPlugin.sol:

• pluginFactory (acts as the authorized caller via _authorize): The only address permitted to:

• • Set the plugin fee rate via setPluginFeeRate.

  • Collect plugin fees via collectPluginFee (inherited from AbstractPlugin).

• pool (the associated Algebra pool, enforced via onlyPool modifier):

• • The only address permitted to invoke plugin hook functions: beforeInitialize, beforeModifyPosition, afterModifyPosition, beforeSwap, and handlePluginFee.

LPToken.sol:

• owner (OpenZeppelin Ownable, transferred to the LPPlugin upon creation): The only address permitted to:

• • Mint new LP tokens via mint.

  • Burn LP tokens from any holder via burn.

  • Transfer ownership or renounce ownership (inherited from Ownable).

The scope of the project includes the following smart contracts from the provided repository: