From 8ae4735084a3bed967a02344ece39524de413718 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 1 Oct 2024 11:32:09 +0200 Subject: [PATCH 1/4] Paxos wUSDL ERC4626 Fixes #163 --- rate-providers/registry.json | 18 +++++++ rate-providers/wUSDLPaxosRateProvider.md | 64 ++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 rate-providers/wUSDLPaxosRateProvider.md diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 68632b2..5989f44 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -434,6 +434,24 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x4d494eF5CB1143991F7F767567aD7f55bCfDc279": { + "asset": "0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./wUSDLPaxosRateProvider.md", + "warnings": [], + "factory": "0xe548a29631f9e49830be8edc22d407b2d2915f31", + "upgradeableComponents": [ + { + "entrypoint": "0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559", + "implementationReviewed": "0x2954C85E7e2B841d0e9A9fdcC09Dac1274057D71" + }, + { + "entrypoint": "0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe", + "implementationReviewed": "0xF393cf22308C3B0dE868ec125834A9F065C11CeC" + } + ] } }, "avalanche": { diff --git a/rate-providers/wUSDLPaxosRateProvider.md b/rate-providers/wUSDLPaxosRateProvider.md new file mode 100644 index 0000000..89bd571 --- /dev/null +++ b/rate-providers/wUSDLPaxosRateProvider.md @@ -0,0 +1,64 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [arbitrum:0x4d494eF5CB1143991F7F767567aD7f55bCfDc279](https://arbiscan.io/address/0x4d494eF5CB1143991F7F767567aD7f55bCfDc279#code) +- Audit report(s): + - [USDL audits](https://github.com/paxosglobal/ybs-contract/blob/master/audits/REP-final-20240301T145234Z.pdf) + +## Context +USDL is a yield-bearing stablecoin that safely distributes yield generated by its cash and cash equivalent reserve assets. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `wYBSV1` ([arbitrum:0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559](https://arbiscan.io/address/0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559#readProxyContract)) + - admin address: [arbitrum:0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5](https://arbiscan.io/address/0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5#code) + - admin type: multisig + - multisig threshold/signers: \ + - multisig timelock? \ + + - upgradeable component: `YBSV1` ([arbitrum:0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe](https://arbiscan.io/address/0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe#code)) + - admin address: [arbitrum:0x0E5087e19EB58e28DDF9F341b550BE6797547BF7](https://arbiscan.io/address/0x0E5087e19EB58e28DDF9F341b550BE6797547BF7#code) + - admin type: multisig + - multisig threshold/signers: \ + - multisig timelock? \ + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + +The rate providers rate calculation approach is based on dividing totalAssets over totalSupply. With a donation `totalAssets()` can be influenced. The implementation is based on reading the `balanceOf` as can be seen in the below implementation code snippet +```solidity +/** @dev See {IERC4626-totalAssets}. */ +function totalAssets() public view virtual override returns (uint256) { + return _asset.balanceOf(address(this)); +} +``` + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. The upgradeability mechanism is properly guarded behind a multisig and the rate approach follows one of the industry standards. From 74f6530eec3c71474638a3bbe27a4c6d18cdc3b5 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 1 Oct 2024 11:48:58 +0200 Subject: [PATCH 2/4] inETH Mode api3 Rate Provider Fixes #161 --- rate-providers/API3RateProvider.md | 1 + rate-providers/registry.json | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/rate-providers/API3RateProvider.md b/rate-providers/API3RateProvider.md index 4eb0aad..a0fb57d 100644 --- a/rate-providers/API3RateProvider.md +++ b/rate-providers/API3RateProvider.md @@ -7,6 +7,7 @@ - [mode:0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22](https://modescan.io/address/0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22/contract/34443/code) - [mode:0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c](https://explorer.mode.network/address/0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c?tab=contract) - [fraxtal:0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d](https://fraxscan.com/address/0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d#readContract) + - [mode:0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B](https://explorer.mode.network/address/0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B?tab=read_contract) - Audit report(s): - [API3 audits](https://dapi-docs.api3.org/reference/dapis/understand/security.html) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 68632b2..fd0854a 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1707,6 +1707,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B": { + "asset": "0x5A7a183B6B44Dc4EC2E3d2eF43F98C5152b1d76d", + "name": "Api3AggregatorAdaptor", + "summary": "safe", + "review": "./API3RateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "optimism": { From 7d72cab83b6460604d06eccb47b0ca392dc921d7 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Fri, 4 Oct 2024 11:27:37 +0200 Subject: [PATCH 3/4] Paxos wUSDL ERC4626 Fixes #163 --- rate-providers/wUSDLPaxosRateProvider.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/rate-providers/wUSDLPaxosRateProvider.md b/rate-providers/wUSDLPaxosRateProvider.md index 89bd571..57e8333 100644 --- a/rate-providers/wUSDLPaxosRateProvider.md +++ b/rate-providers/wUSDLPaxosRateProvider.md @@ -29,14 +29,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - upgradeable component: `wYBSV1` ([arbitrum:0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559](https://arbiscan.io/address/0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559#readProxyContract)) - admin address: [arbitrum:0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5](https://arbiscan.io/address/0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5#code) - admin type: multisig - - multisig threshold/signers: \ - - multisig timelock? \ + - multisig threshold/signers: 3/20 - upgradeable component: `YBSV1` ([arbitrum:0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe](https://arbiscan.io/address/0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe#code)) - admin address: [arbitrum:0x0E5087e19EB58e28DDF9F341b550BE6797547BF7](https://arbiscan.io/address/0x0E5087e19EB58e28DDF9F341b550BE6797547BF7#code) - admin type: multisig - - multisig threshold/signers: \ - - multisig timelock? \ + - multisig threshold/signers: 3/17 ### Oracles From 2d7350f99e79e42bfd5a5657e17b31da0e27ca44 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 8 Oct 2024 15:45:45 +0800 Subject: [PATCH 4/4] Add checked by --- rate-providers/wUSDLPaxosRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/wUSDLPaxosRateProvider.md b/rate-providers/wUSDLPaxosRateProvider.md index 57e8333..7c374a7 100644 --- a/rate-providers/wUSDLPaxosRateProvider.md +++ b/rate-providers/wUSDLPaxosRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [arbitrum:0x4d494eF5CB1143991F7F767567aD7f55bCfDc279](https://arbiscan.io/address/0x4d494eF5CB1143991F7F767567aD7f55bCfDc279#code) - Audit report(s):