diff --git a/rate-providers/API3RateProvider.md b/rate-providers/API3RateProvider.md index 4eb0aad..a0fb57d 100644 --- a/rate-providers/API3RateProvider.md +++ b/rate-providers/API3RateProvider.md @@ -7,6 +7,7 @@ - [mode:0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22](https://modescan.io/address/0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22/contract/34443/code) - [mode:0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c](https://explorer.mode.network/address/0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c?tab=contract) - [fraxtal:0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d](https://fraxscan.com/address/0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d#readContract) + - [mode:0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B](https://explorer.mode.network/address/0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B?tab=read_contract) - Audit report(s): - [API3 audits](https://dapi-docs.api3.org/reference/dapis/understand/security.html) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 83d880c..090b164 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -434,6 +434,24 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x4d494eF5CB1143991F7F767567aD7f55bCfDc279": { + "asset": "0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./wUSDLPaxosRateProvider.md", + "warnings": [], + "factory": "0xe548a29631f9e49830be8edc22d407b2d2915f31", + "upgradeableComponents": [ + { + "entrypoint": "0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559", + "implementationReviewed": "0x2954C85E7e2B841d0e9A9fdcC09Dac1274057D71" + }, + { + "entrypoint": "0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe", + "implementationReviewed": "0xF393cf22308C3B0dE868ec125834A9F065C11CeC" + } + ] } }, "avalanche": { @@ -1708,6 +1726,15 @@ "factory": "", "upgradeableComponents": [] }, + "0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B": { + "asset": "0x5A7a183B6B44Dc4EC2E3d2eF43F98C5152b1d76d", + "name": "Api3AggregatorAdaptor", + "summary": "safe", + "review": "./API3RateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] + }, "0xac8fae65008cbb22a27103160452418aa3c84128": { "asset": "0x0022228a2cc5E7eF0274A7Baa600d44da5aB5776", "name": "ERC4626RateProvider", diff --git a/rate-providers/wUSDLPaxosRateProvider.md b/rate-providers/wUSDLPaxosRateProvider.md new file mode 100644 index 0000000..7c374a7 --- /dev/null +++ b/rate-providers/wUSDLPaxosRateProvider.md @@ -0,0 +1,62 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [arbitrum:0x4d494eF5CB1143991F7F767567aD7f55bCfDc279](https://arbiscan.io/address/0x4d494eF5CB1143991F7F767567aD7f55bCfDc279#code) +- Audit report(s): + - [USDL audits](https://github.com/paxosglobal/ybs-contract/blob/master/audits/REP-final-20240301T145234Z.pdf) + +## Context +USDL is a yield-bearing stablecoin that safely distributes yield generated by its cash and cash equivalent reserve assets. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `wYBSV1` ([arbitrum:0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559](https://arbiscan.io/address/0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559#readProxyContract)) + - admin address: [arbitrum:0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5](https://arbiscan.io/address/0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5#code) + - admin type: multisig + - multisig threshold/signers: 3/20 + + - upgradeable component: `YBSV1` ([arbitrum:0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe](https://arbiscan.io/address/0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe#code)) + - admin address: [arbitrum:0x0E5087e19EB58e28DDF9F341b550BE6797547BF7](https://arbiscan.io/address/0x0E5087e19EB58e28DDF9F341b550BE6797547BF7#code) + - admin type: multisig + - multisig threshold/signers: 3/17 + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + +The rate providers rate calculation approach is based on dividing totalAssets over totalSupply. With a donation `totalAssets()` can be influenced. The implementation is based on reading the `balanceOf` as can be seen in the below implementation code snippet +```solidity +/** @dev See {IERC4626-totalAssets}. */ +function totalAssets() public view virtual override returns (uint256) { + return _asset.balanceOf(address(this)); +} +``` + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. The upgradeability mechanism is properly guarded behind a multisig and the rate approach follows one of the industry standards.