Cork is a programmable risk layer for on-chain assets such as vault tokens, yield-bearing stablecoins, and liquid (re)staking tokens.

• Glossary
• Architecture
• Smart Contracts
• Deployment Addresses
• Setup
• Testing
• Standards & Frameworks
• Audits
• Security
• License
• Resources
• Inspirations & Sources
• Useful Links

• CA = Collateral Asset,
• REF = Reference Asset,
• cPT = Cork Principal Token,
• cST = Cork Swap Token

Cork Phoenix uses a singleton-style architecture where all pool states are managed by CorkPoolManager.sol. This design enables efficient and secure state management of the system and providing a single source of truth for all Cork Phoenix markets.

Cork Phoenix provides a comprehensive set of operations for managing positions throughout their lifecycle. All operations are available in CorkPoolManager.sol.

Each pool issues two shares upon deposit: cPT (Cork Principal Token) and cST (Cork Swap Token). This enables users to hold or trade principal and swap exposures separately.

---
config:
  layout: fixed
---
flowchart TB

%% =====================
%% Governance Layer
%% =====================
subgraph GOV["Governance Layer"]
    DCC["DefaultCorkController"]
end

%% =====================
%% Access / Policy Layer
%% =====================
subgraph ACCESS["Access Control Layer"]
    WM["WhitelistManager"]
end

%% =====================
%% Core Layer
%% =====================
subgraph CORE["Core Layer"]
    CPM["CorkPoolManager<br/>(singleton)"]
    SF["SharesFactory"]
    CRA["ConstraintRateAdapter"]
    PST["PoolShare Tokens<br/>(cPT, cST)"]
    ORA["Oracle"]
end

%% =====================
%% Periphery Layer
%% =====================
subgraph PERI["Periphery Layer"]
    CA["CorkAdapter"]
end

%% =====================
%% User (explicitly last)
%% =====================
USER(["User"])

%% =====================
%% Governance Relations
%% =====================
DCC -- "controls" --> CPM
DCC -- "controls" --> WM

%% =====================
%% Whitelisting Relations
%% =====================
WM -- "provides whitelisting to" --> CPM
WM -- "provides whitelisting to" --> CA

%% =====================
%% Core Relations
%% =====================
CPM -- "uses" --> SF
CPM -- "uses" --> CRA

SF -- "deploys" --> PST
CRA -- "fetches rates from" --> ORA

%% =====================
%% Periphery Relations
%% =====================
CPM -- "exposes pools to" --> CA
USER -- "interacts with" --> CA

%% =====================
%% Styling
%% =====================
classDef critical fill:#ffeebb,stroke:#e29100,color:#000,stroke-width:2px
classDef normal fill:#eef,stroke:#999,color:#000

class DCC,CPM,CA critical
class WM,SF,CRA,PST,ORA normal

It's important to note that while you can interact with CorkPoolManager directly, it does not provide slippage and deadline protection out of the box. If slippage is a concern, consider using our periphery adapter (CorkAdapter.sol). This contract is inspired by the Morpho GeneralAdapter1 contract. You can use the adapter with the bundler3 contract similar to how you would normally use the Morpho adapter with multicall, but tailored specifically to Cork's adapter.

All interfaces are located in this folder

Cork Protocol uses the Safe CREATE2 Deployer to ensure consistent contract addresses across all chains.

• Ethereum Mainnet (chain ID: 1)

All core Cork contracts share the same addresses across all deployed chains:

Note: For Sepolia testnet, Bundler3 is deployed at 0xd43EB38E260bF2d6c9B3222559842686B1C303C0

For deployment parameters and configuration, see config/prod.toml.

For WrapperRateConsumer oracle deployments, seeconfig/markets/README.md.

For detailed setup, build, and test instructions, see DEVELOPMENT.md.

Cork Phoenix employs a comprehensive multi-layered testing approach to ensure protocol security and correctness.

test/forge/
├── unit/          # Isolated tests for libraries and individual contracts
├── integration/   # End-to-end workflow tests across multiple contracts
├── smoke/         # Tests contract functions against on-chain data
├── helpers/       # Test helper contracts
└── mocks/         # Mock contracts for testing

• Unit Tests: Isolated testing of libraries and individual contract functions
• Integration Tests: End-to-end workflows testing interactions between multiple contracts
• Fuzz Tests: Property-based testing using Foundry's fuzzing engine for edge cases, decimals, and rounding
• Smoke Tests: Contract function validation against on-chain data

Cork Phoenix builds on OpenZeppelin's battle-tested security standards to ensure robust access control, upgradeability, and protection against common attack vectors. We implement ERC-7201 namespaced storage layout for future-proof upgradeable contracts and use the UUPS proxy pattern for gas-efficient upgrades while maintaining security through role-based access control.

While Cork implements ERC4626-compatible interfaces for familiarity, we extend beyond the standard with a dual token system (cPT + cST) that separates principal protection from swap exposure. This architectural choice enables users to independently hold or trade their cPT and cST tokens, a key differentiator from traditional single-share vault designs.

Cork integrates Morpho's bundler3 framework to enable atomic multi-operation transactions. This allows users to compose complex workflows (e.g., deposit + swap + exercise) in a single transaction, significantly improving UX and reducing gas costs. Our CorkAdapter.sol extends Morpho's GeneralAdapter1 with Cork-specific safety checks including slippage protection and deadline enforcement.

We leverage Permit2 for signature-based token approvals, eliminating the need for separate approval transactions. This reduces friction for users and enables gas-efficient batch operations—critical for a protocol where users frequently interact with multiple tokens (REF, CA, cPT, cST) across different operations.

All audit reports are stored in the audits folder.

For security policies and vulnerability disclosure see SECURITY.md.

See the LICENSE file for details. Individual contracts may have specific license specifications.

Find a complete development guide at DEVELOPMENT.md

Morpho Bundler3 (GitHub)

• Transaction batching framework for atomic multi-step operations
• Source: GeneralAdapter1.sol adapted from Morpho's bundler3
• Purpose: Gas optimization and improved UX through operation bundling

Uniswap Permit2 (GitHub)

• Signature-based approvals for gas-efficient token transfers
• Batch approval capabilities
• Integration in periphery adapters

OpenZeppelin Contracts

• Security patterns: AccessControl, Pausable, ReentrancyGuard
• Upgradeable proxy infrastructure: UUPS, ERC1967Proxy
• Token standards: ERC20, ERC20Permit (EIP-2612)
• Libraries: Math, SafeERC20, SafeCast

Chainlink Oracles

• MinimalAggregatorV3Interface inspired by Chainlink's AggregatorV3Interface
• Price feed integration for external rate data

ERC4626 Tokenized Vault Standard

• Partial compatibility for deposit/withdraw/redeem operations
• Deviation: Dual token system instead of single share token
• Additional swap/exercise functionality beyond ERC4626 scope

• Cork Documentation
• Cork Phoenix Litepaper