From 2b7249717edcedf21316d9e437e759e13cbbfcdb Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 25 Jun 2024 14:38:03 +0200 Subject: [PATCH 01/68] weETHs Symbiotic Rate Provider Fixes #90 --- rate-providers/WeETHs.md | 93 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 rate-providers/WeETHs.md diff --git a/rate-providers/WeETHs.md b/rate-providers/WeETHs.md new file mode 100644 index 0000000..703e7f6 --- /dev/null +++ b/rate-providers/WeETHs.md @@ -0,0 +1,93 @@ +# Rate Provider: `AccountantWithRateProviders` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum:0xbe16605B22a7faCEf247363312121670DFe5afBE](https://etherscan.io/address/0xbe16605B22a7faCEf247363312121670DFe5afBE#code) +- Audit report(s): + - [Symbiotic](https://docs.symbiotic.fi/security) + - [Ether Fi](https://www.ether.fi/) + +## Context +With the new Super Symbiotic LRT vault restaking in @symbioticfi is enabled. When a user deposits, $weETHs is minted, the Super Symbiotic LRT. Users will be able to use $weETHs in DeFi. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [x] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + - admin address: [ethereum:https://etherscan.io/address/0x0000000000000000000000000000000000000000](https://etherscan.io/address/0x0000000000000000000000000000000000000000) + - admin type: EOA + - comment: the `owner` can change the `authority` which is the contract managing function access. If the authority were changed the possibility of an unintended account setting the rate would be possible. However as part of [this tx](https://etherscan.io/tx/0xa7ead57c956a7e8ac333088a024060fd8e7119c4088d4575e63a14c80a67cb08) ownership was transfered to the zero address. + +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). \ + - source: Multisig 2/3 + - source address: [ethereum:0x41dfc53b13932a2690c9790527c1967d8579a6ae](https://etherscan.io/address/0x41dfc53b13932a2690c9790527c1967d8579a6ae) + - any protections? NO: The rate provider contract has the following `getRate` implementation. + ```solidity + function getRate() public view returns (uint256 rate) { + rate = accountantState.exchangeRate; + } + ```` + and the `accountantStae` is updated by: + ```solidity + function updateExchangeRate(uint96 newExchangeRate) external requiresAuth { + AccountantState storage state = accountantState; + if (state.isPaused) revert AccountantWithRateProviders__Paused(); + uint64 currentTime = uint64(block.timestamp); + uint256 currentExchangeRate = state.exchangeRate; + uint256 currentTotalShares = vault.totalSupply(); + if ( + currentTime < state.lastUpdateTimestamp + state.minimumUpdateDelayInSeconds + || newExchangeRate > currentExchangeRate.mulDivDown(state.allowedExchangeRateChangeUpper, 1e4) + || newExchangeRate < currentExchangeRate.mulDivDown(state.allowedExchangeRateChangeLower, 1e4) + ) { + // Instead of reverting, pause the contract. This way the exchange rate updater is able to update the exchange rate + // to a better value, and pause it. + state.isPaused = true; + } else { + _calculateFeesOwed(state, newExchangeRate, currentExchangeRate, currentTotalShares, currentTime); + } + + state.exchangeRate = newExchangeRate; + state.totalSharesLastUpdate = uint128(currentTotalShares); + state.lastUpdateTimestamp = currentTime; + + emit ExchangeRateUpdated(uint96(currentExchangeRate), newExchangeRate, currentTime); + } + ``` + Which effectively pauses the contract if a rate is send which is outside of the allowed deviation bounds. However this does not stop `getRate` from being called. Meaning the pool would still trade on "bad" price data. However a possible alternative would be to have `getRatae` work the same way as `getRateSafe` which checks for the rate provider being paused. + ```solidity + function getRateSafe() external view returns (uint256 rate) { + if (accountantState.isPaused) revert AccountantWithRateProviders__Paused(); + rate = getRate(); + } + ``` + + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + + +## Conclusion +**Summary judgment: SAFE/UNSAFE** + +This rate provider while price data being sent from a multisig still allows for very high or low exchangeRates being stored and the pool accessing this exchange rate to trade with. This is risky as a potentially not verified exchangeRate could be sent such as a hiccup on the exchangeRate decimals. The suggestion would be to for example have `getRate` also check if the rate provider is paused due to a bad exchange rate being sent. From d2f43cf74b952a3cad5c768ddc046965c2593292 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 26 Jun 2024 11:15:11 +0200 Subject: [PATCH 02/68] review: add registry entry --- rate-providers/WeETHs.md | 4 ++-- rate-providers/registry.json | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/rate-providers/WeETHs.md b/rate-providers/WeETHs.md index 703e7f6..324fbc3 100644 --- a/rate-providers/WeETHs.md +++ b/rate-providers/WeETHs.md @@ -32,7 +32,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). ### Oracles -- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). \ +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). - source: Multisig 2/3 - source address: [ethereum:0x41dfc53b13932a2690c9790527c1967d8579a6ae](https://etherscan.io/address/0x41dfc53b13932a2690c9790527c1967d8579a6ae) - any protections? NO: The rate provider contract has the following `getRate` implementation. @@ -41,7 +41,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If rate = accountantState.exchangeRate; } ```` - and the `accountantStae` is updated by: + and the `accountantState` is updated by: ```solidity function updateExchangeRate(uint96 newExchangeRate) external requiresAuth { AccountantState storage state = accountantState; diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 77a2724..8d33044 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1060,6 +1060,15 @@ "implementationReviewed": "0x5b97c9dcce2693844b90cea40ba1fd15bf99eb01" } ] + }, + "0xbe16605B22a7faCEf247363312121670DFe5afBE": { + "asset": "0x917ceE801a67f933F2e6b33fC0cD1ED2d5909D88", + "name": "AccountantWithRateProviders", + "summary": "", + "review": "./WeETHs.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "fantom": { From c6399a67406cdf856886351b845fc0033b6781d5 Mon Sep 17 00:00:00 2001 From: jogeorgeou Date: Tue, 13 Aug 2024 08:57:43 -0400 Subject: [PATCH 03/68] wstETH-CL-RP-zkEVM Pending on chain verification of the feed contract from chainlink. RP: https://zkevm.polygonscan.com/address/0x8dd590ebb702c21a41289a0a69b0c6f74bdece75#code Feed: https://docs.chain.link/data-feeds/price-feeds/addresses?network=polygonzkevm&page=1&search=0x2Fe92f6a59d08dA453AFdAeF20925185e9d2E897 --- rate-providers/registry.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index f5ab9c0..48d1eeb 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1832,6 +1832,15 @@ "warnings": ["chainlink"], "factory": "0x4132f7AcC9dB7A6cF7BE2Dd3A9DC8b30C7E6E6c8", "upgradeableComponents": [] + }, + "0x8dd590ebb702c21a41289A0a69b0C6F74bdece75": { + "asset": "0x5D8cfF95D7A57c0BF50B30b43c7CC0D52825D4a9", + "name": "wstETH Rate Provider", + "summary": "safe", + "review": "./ChainLinkRateProvider.md", + "warnings": ["chainlink"], + "factory": "0x4132f7AcC9dB7A6cF7BE2Dd3A9DC8b30C7E6E6c8", + "upgradeableComponents": [] } } } From 026899bdfc64ded2b4723ac46875800ab15cae15 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Mon, 26 Aug 2024 09:08:31 +0200 Subject: [PATCH 04/68] GYD Constant Rate Provider Fixes #137 --- rate-providers/GYDConstantRateProvider.md | 46 +++++++++++++++++++++++ rate-providers/registry.json | 9 +++++ 2 files changed, 55 insertions(+) create mode 100644 rate-providers/GYDConstantRateProvider.md diff --git a/rate-providers/GYDConstantRateProvider.md b/rate-providers/GYDConstantRateProvider.md new file mode 100644 index 0000000..01df270 --- /dev/null +++ b/rate-providers/GYDConstantRateProvider.md @@ -0,0 +1,46 @@ +# Rate Provider: `ConstantRateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [arbitrum:0x3a216B01db971Bf28D171C9dA44Cc8C89867697F](https://arbiscan.io/address/0x3a216B01db971Bf28D171C9dA44Cc8C89867697F#code) +- Audit report(s): + - [Gyro audits](https://docs.gyro.finance/gyroscope-protocol/audit-reports) + +## Context +This rate provider reports a constant rate which upscales the gyd price to a specific area of the ellipsis pricing function. +> reason for the constant rate provider is to scale the prices that the pool does its math at to the part of the ellipse that is near 1:1 (as opposed to 2500:1 for ETH pricing). Reason there is because this region is better tested (although in principle, the rounding analysis should apply to a much wider range of parameters and pool prices -- but feels slightly safer to use the scaling) + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +The required `getRate` value for this particular case scales the balances to the required pricing point on the gyro pricing curve. For more information see also the [gauge proposal](https://forum.balancer.fi/t/bip-xxx-enable-gauge-for-gyd-wsteth-e-clp-arbitrum/5956). Note: This rateProvider should not be used for other pools to provide rate data for GYD. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index f1cec8b..0a95cf9 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -416,6 +416,15 @@ "implementationReviewed": "0x6C6c6857e2F32fcCBDb2791597350Aa034a3ce47" } ] + }, + "0x3a216B01db971Bf28D171C9dA44Cc8C89867697F": { + "asset": "0xCA5d8F8a8d49439357d3CF46Ca2e720702F132b8", + "name": "ConstantRateProvider", + "summary": "safe", + "review": "./GYDConstantRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "avalanche": { From 0a006def53ab5ae813cd8ff504aa29128a8b114c Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 28 Aug 2024 11:44:04 +0200 Subject: [PATCH 05/68] sDAI Rate Provider - Mode Fixes #138 --- rate-providers/API3RateProvider.md | 93 ++++++++++++++++++++++++++++++ rate-providers/registry.json | 9 +++ 2 files changed, 102 insertions(+) create mode 100644 rate-providers/API3RateProvider.md diff --git a/rate-providers/API3RateProvider.md b/rate-providers/API3RateProvider.md new file mode 100644 index 0000000..8b99963 --- /dev/null +++ b/rate-providers/API3RateProvider.md @@ -0,0 +1,93 @@ +# Rate Provider: `Api3AggregatorAdaptor` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [mode:0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22](https://modescan.io/address/0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22/contract/34443/code) +- Audit report(s): + - [API3 audits](https://dapi-docs.api3.org/reference/dapis/understand/security.html) + +## Context +dAPIs are on-chain data feeds sourced from off-chain first-party oracles owned and operated by API providers themselves and are continuously updated using signed data. dApp owners can read the on-chain value of any dAPI in realtime. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: API3. + - source address: The data is sourced from multiple "beacon" which are a set of airnodes which provide the data. These individual datapoints are aggregated and form the oracle value. [mode:https://modescan.io/address/0x709944a48cAf83535e43471680fDA4905FB3920a](https://modescan.io/address/0x709944a48cAf83535e43471680fDA4905FB3920a) + - any protections? The data points being aggregated are medianized across the beacons used to form the value. + ```solidity + function aggregateBeacons( + bytes32[] memory beaconIds + ) internal view returns (int224 value, uint32 timestamp) { + uint256 beaconCount = beaconIds.length; + require(beaconCount > 1, "Specified less than two Beacons"); + int256[] memory values = new int256[](beaconCount); + int256[] memory timestamps = new int256[](beaconCount); + for (uint256 ind = 0; ind < beaconCount; ) { + DataFeed storage dataFeed = _dataFeeds[beaconIds[ind]]; + values[ind] = dataFeed.value; + timestamps[ind] = int256(uint256(dataFeed.timestamp)); + unchecked { + ind++; + } + } + value = int224(median(values)); + timestamp = uint32(uint256(median(timestamps))); + } + ``` + An individual beacon can only be updated by an airnode. This is checked by recovering the signer from a signature + ```solidity + function updateBeaconWithSignedData( + address airnode, + bytes32 templateId, + uint256 timestamp, + bytes calldata data, + bytes calldata signature + ) external override returns (bytes32 beaconId) { + require( + ( + keccak256(abi.encodePacked(templateId, timestamp, data)) + .toEthSignedMessageHash() + ).recover(signature) == airnode, + "Signature mismatch" + ); + beaconId = deriveBeaconId(airnode, templateId); + int224 updatedValue = processBeaconUpdate(beaconId, timestamp, data); + emit UpdatedBeaconWithSignedData( + beaconId, + updatedValue, + uint32(timestamp) + ); + } + ``` + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. API3 updates the rate on mode regularly and has various protections in place to ensure appropriate values are forwarded. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index ca12e8e..aebb86e 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1530,6 +1530,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22": { + "asset": "", + "name": "Api3AggregatorAdaptor", + "summary": "safe", + "review": "./API3RateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "optimism": { From e1a877f6296f83956080a6fcd6f23b7c1abc42c5 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 29 Aug 2024 08:22:46 +0200 Subject: [PATCH 06/68] add checked by --- rate-providers/GYDConstantRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/GYDConstantRateProvider.md b/rate-providers/GYDConstantRateProvider.md index 01df270..12c7797 100644 --- a/rate-providers/GYDConstantRateProvider.md +++ b/rate-providers/GYDConstantRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [arbitrum:0x3a216B01db971Bf28D171C9dA44Cc8C89867697F](https://arbiscan.io/address/0x3a216B01db971Bf28D171C9dA44Cc8C89867697F#code) - Audit report(s): From 65572831924b9306bb34f31d3fef8297a337fa51 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 29 Aug 2024 08:48:07 +0200 Subject: [PATCH 07/68] Add checked by --- rate-providers/API3RateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/API3RateProvider.md b/rate-providers/API3RateProvider.md index 8b99963..7578546 100644 --- a/rate-providers/API3RateProvider.md +++ b/rate-providers/API3RateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [mode:0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22](https://modescan.io/address/0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22/contract/34443/code) - Audit report(s): From 1f21ef66ef644bc3a0357bcf43575c4cc7db607b Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Thu, 29 Aug 2024 09:56:57 +0200 Subject: [PATCH 08/68] review: add asset to registry --- rate-providers/registry.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index aebb86e..f594434 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1532,7 +1532,7 @@ "upgradeableComponents": [] }, "0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22": { - "asset": "", + "asset": "0x3f51c6c5927b88cdec4b61e2787f9bd0f5249138", "name": "Api3AggregatorAdaptor", "summary": "safe", "review": "./API3RateProvider.md", From 498a323c35f7b580408fa1f77d466ef864b8911d Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 3 Sep 2024 09:55:20 +0200 Subject: [PATCH 09/68] wUSDM Rate Provider - Optimism Fixes #136 --- rate-providers/registry.json | 11 ++++++++++- rate-providers/wUSDMRateProvider.md | 10 ++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index ca12e8e..1bb93ab 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -344,7 +344,7 @@ "name": "wUSDM", "summary": "safe", "review": "./wUSDMRateProvider.md", - "warnings": [], + "warnings": ["eoaUpgradeable"], "factory": "", "upgradeableComponents": [ { @@ -1730,6 +1730,15 @@ "implementationReviewed": "0x1373A61449C26CC3F48C1B4c547322eDAa36eB12" } ] + }, + "0x52cdf016439Cf36b1c7655740BAa8216977F6487": { + "asset": "0x57F5E098CaD7A3D1Eed53991D4d66C45C9AF7812", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./wUSDMRateProvider.md", + "warnings": ["eoaUpgradeable"], + "factory": "0x02a569eea6f85736E2D63C59E60d27d075E75c33", + "upgradeableComponents": [] } }, "polygon": { diff --git a/rate-providers/wUSDMRateProvider.md b/rate-providers/wUSDMRateProvider.md index fd0b543..92e66f8 100644 --- a/rate-providers/wUSDMRateProvider.md +++ b/rate-providers/wUSDMRateProvider.md @@ -5,6 +5,7 @@ - Checked by: @\ - Deployed at: - [arbitrum:0x7F55E509006C9Df7594C4819Ba7ebfE6EfE4854b](https://arbiscan.io/address/0x7F55E509006C9Df7594C4819Ba7ebfE6EfE4854b#code) + - [optimism:0x52cdf016439Cf36b1c7655740BAa8216977F6487](https://optimistic.etherscan.io/address/0x52cdf016439Cf36b1c7655740BAa8216977F6487#readContract) - Audit report(s): - [Mountain protocol audits](https://docs.mountainprotocol.com/reference/security-resources) @@ -26,11 +27,16 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). - [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + #### wUSDM Optimism + - upgradeable component: `wUSDM` ([optimism:0x57F5E098CaD7A3D1Eed53991D4d66C45C9AF7812](https://optimistic.etherscan.io/address/0x57F5E098CaD7A3D1Eed53991D4d66C45C9AF7812#code)) + - admin address: [optimism:0xed5e9caefa28cb31c8e011B4405a39b36DA35898](https://optimistic.etherscan.io/address/0xed5e9caefa28cb31c8e011B4405a39b36DA35898) + - admin type: EOA + + #### wUSDM Arbitrum - upgradeable component: `wUSDM` ([arbitrum:0x57F5E098CaD7A3D1Eed53991D4d66C45C9AF7812](https://arbiscan.io/address/0x57F5E098CaD7A3D1Eed53991D4d66C45C9AF7812#readProxyContract)) - admin address: [arbitrum:0xfD0C148Dd9bfb196D70981b96e27a294e51bd50F](https://arbiscan.io/address/0xfD0C148Dd9bfb196D70981b96e27a294e51bd50F) - admin type: EOA - ### Oracles - [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). @@ -51,7 +57,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. ### M-01: Opaque upgradeability mechanism -The account allowed to upgrade is an EOA (which according to mountain protocol is an openzeppelin relayer). It is not possibly to verify this onchain. A LP in pools which use this rate provider should be aware of it and verify if possible. For more information see: https://docs.openzeppelin.com/defender/v2/manage/relayers#security-considerations +The account allowed to upgrade the Arbitrum & optimism instances is an EOA (which according to mountain protocol is an openzeppelin relayer). It is not possibly to verify this onchain. A LP in pools which use this rate provider should be aware of it and verify if possible. For more information see: https://docs.openzeppelin.com/defender/v2/manage/relayers#security-considerations From fa459f39f41486d44222a821c7a4cce41ea252ab Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 3 Sep 2024 16:15:09 +0200 Subject: [PATCH 10/68] Mellow dvstETH Rate Provider Fixes #135 --- rate-providers/MellowRateProviders.md | 12 +++++++----- rate-providers/registry.json | 14 ++++++++++++++ 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/rate-providers/MellowRateProviders.md b/rate-providers/MellowRateProviders.md index 5e0f99b..e2493d0 100644 --- a/rate-providers/MellowRateProviders.md +++ b/rate-providers/MellowRateProviders.md @@ -10,6 +10,7 @@ - [ethereum:0x3A2228C7B3Bc3A32AEa9338d0A890A5EbD7bc977](https://etherscan.io/address/0x3A2228C7B3Bc3A32AEa9338d0A890A5EbD7bc977#code) - [ethereum:0x34406A8Ee75B5af34F8920D1960AC6a5B33A47b6](https://etherscan.io/address/0x34406A8Ee75B5af34F8920D1960AC6a5B33A47b6#readContract) - [ethereum:0x2A2f1b8c02Dafc5359B8E0e8BFc138400CB6d3a1](https://etherscan.io/address/0x2A2f1b8c02Dafc5359B8E0e8BFc138400CB6d3a1#readContract) + - [ethereum:0x1a9DBa2dC3E82F53d040701F97DC0438d26A4320](https://etherscan.io/address/0x1a9DBa2dC3E82F53d040701F97DC0438d26A4320#readContract) - Audit report(s): - [Mellow LRT audits](https://docs.mellow.finance/mellow-lrt-primitive/audits) @@ -67,11 +68,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: multisig - multisig threshold/signers: 5/8 - comment: The `ADMIN_ROLE`has the capability to add new Tvl modules, which are target of an external call. An rogue `ADMIN_ROLE`could add malicious modules potentially inflating the the price. This functionality currently resides within: [ethereum:0x9437B2a8cF3b69D782a61f9814baAbc172f72003](https://etherscan.io/address/0x9437B2a8cF3b69D782a61f9814baAbc172f72003) - - - - - + #### Decentralized Validator Token (DVstETH) + - upgradeable component: `Vault`([ethereum:0x5E362eb2c0706Bd1d134689eC75176018385430B](https://etherscan.io/address/0x5E362eb2c0706Bd1d134689eC75176018385430B)) + - admin address: [ethereum:0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0](https://etherscan.io/address/0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0) + - admin type: multisig + - multisig threshold/signers: 5/8 + - comment: The `ADMIN_ROLE`has the capability to add new Tvl modules, which are target of an external call. An rogue `ADMIN_ROLE`could add malicious modules potentially inflating the the price. This functionality currently resides within: [ethereum:0x9437B2a8cF3b69D782a61f9814baAbc172f72003](https://etherscan.io/address/0x9437B2a8cF3b69D782a61f9814baAbc172f72003) ### Oracles - [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 25da86f..2dc1e7c 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1367,6 +1367,20 @@ "implementationReviewed": "0x0b75F2B048CA8517f6476316F872903920DCC8ef" } ] + }, + "0x1a9DBa2dC3E82F53d040701F97DC0438d26A4320": { + "asset": "0x5E362eb2c0706Bd1d134689eC75176018385430B", + "name": "VaultRateOracle", + "summary": "safe", + "review": "./MellowRateProviders.md", + "warnings": ["donation"], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x5E362eb2c0706Bd1d134689eC75176018385430B", + "implementationReviewed": "0xe2D2E90122cb203CF1565a37ef90a256843A825A" + } + ] } }, "fantom": { From c2498a3396661ac751db8d72fab86e27e0c05bf8 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 4 Sep 2024 16:45:21 +0200 Subject: [PATCH 11/68] Add checked by --- rate-providers/wUSDMRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/wUSDMRateProvider.md b/rate-providers/wUSDMRateProvider.md index 92e66f8..812e9ed 100644 --- a/rate-providers/wUSDMRateProvider.md +++ b/rate-providers/wUSDMRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [arbitrum:0x7F55E509006C9Df7594C4819Ba7ebfE6EfE4854b](https://arbiscan.io/address/0x7F55E509006C9Df7594C4819Ba7ebfE6EfE4854b#code) - [optimism:0x52cdf016439Cf36b1c7655740BAa8216977F6487](https://optimistic.etherscan.io/address/0x52cdf016439Cf36b1c7655740BAa8216977F6487#readContract) From 0efc5490cd7b6e28a2b35d0c302d8c3ebe8d6703 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 10 Sep 2024 13:59:39 +0200 Subject: [PATCH 12/68] stataGnoUSDCe Rate Provider - Gnosis Fixes #143 --- rate-providers/registry.json | 9 +++++++++ rate-providers/statATokenLMRateProvider.md | 12 ++++++++++++ 2 files changed, 21 insertions(+) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 472c58d..edb7264 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1542,6 +1542,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x5F62fd24941B585b91EB059E0ea1a7e729357511": { + "asset": "0xf0E7eC247b918311afa054E0AEdb99d74c31b809", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [], + "factory": "0x15e86be6084c6a5a8c17732d398dfbc2ec574cec", + "upgradeableComponents": [] } }, "mode": { diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 569c6da..7e64ddd 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md @@ -15,6 +15,7 @@ - [optimism:0x3f921Ebabab0703BC06d1828D09a245e8390c263](https://optimistic.etherscan.io/address/0x3f921Ebabab0703BC06d1828D09a245e8390c263#code) - [base:0x4467Ab7BC794bb3929d77e826328BD378bf5392F](https://basescan.org/address/0x4467Ab7BC794bb3929d77e826328BD378bf5392F) - [gnosis:0x821aFE819450A359E29a5209C48f2Fa3321C8AD2](https://gnosisscan.io/address/0x821aFE819450A359E29a5209C48f2Fa3321C8AD2#readContract) + - [gnosis:0x5F62fd24941B585b91EB059E0ea1a7e729357511](https://gnosisscan.io/address/0x5F62fd24941B585b91EB059E0ea1a7e729357511#code) - Audit report(s): - [Formal Verification Report For StaticAToken](https://github.com/bgd-labs/static-a-token-v3/blob/main/audits/Formal_Verification_Report_staticAToken.pdf) @@ -150,6 +151,17 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours + - [gnosis:0x5F62fd24941B585b91EB059E0ea1a7e729357511](https://gnosisscan.io/address/0x5F62fd24941B585b91EB059E0ea1a7e729357511#code) + - upgradeable component: `StaticATokenLM` ([gnosis:0xf0E7eC247b918311afa054E0AEdb99d74c31b809](https://gnosisscan.io/address/0xf0E7eC247b918311afa054E0AEdb99d74c31b809#readProxyContract)) + - admin address: [gnosis:0x1dF462e2712496373A347f8ad10802a5E95f053D](https://gnosisscan.io/address/0x1dF462e2712496373A347f8ad10802a5E95f053D) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + -upgradeable component: `PoolInstanceWithCustomInitialize` ([gnosis:0xb50201558B00496A145fE76f7424749556E326D8](https://gnosisscan.io/address/0xb50201558B00496A145fE76f7424749556E326D8#readProxyContract)) + - admin address: [gnosis:0x1dF462e2712496373A347f8ad10802a5E95f053D](https://gnosisscan.io/address/0x1dF462e2712496373A347f8ad10802a5E95f053D#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours + + ### Oracles - [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). From c48d21ac62d70672012b5b4932fe8debfd3325fc Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 10 Sep 2024 17:06:07 +0200 Subject: [PATCH 13/68] Acre stBTC Rate Provider Fixes #144 --- rate-providers/registry.json | 18 ++++++++ rate-providers/stBTCRateProvider.md | 68 +++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 rate-providers/stBTCRateProvider.md diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 472c58d..e011e70 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1381,6 +1381,24 @@ "implementationReviewed": "0xe2D2E90122cb203CF1565a37ef90a256843A825A" } ] + }, + "0x479306411084bD75b8Ce9Dd488e64f212b8336b2": { + "asset": "0xdF217EFD8f3ecb5E837aedF203C28c1f06854017", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./stBTCRateProvider.md", + "warnings": ["donation"], + "factory": "0xFC541f8d8c5e907E236C8931F0Df9F58e0C259Ec", + "upgradeableComponents": [ + { + "entrypoint": "0xdF217EFD8f3ecb5E837aedF203C28c1f06854017", + "implementationReviewed": "0xef96b93db617f3db5b2cf2df9aa50bd7f5cb22c4" + }, + { + "entrypoint": "0xAB13B8eecf5AA2460841d75da5d5D861fD5B8A39", + "implementationReviewed": "0xd7097af27b14e204564c057c636022fae346fe60" + } + ] } }, "fantom": { diff --git a/rate-providers/stBTCRateProvider.md b/rate-providers/stBTCRateProvider.md new file mode 100644 index 0000000..4bd3136 --- /dev/null +++ b/rate-providers/stBTCRateProvider.md @@ -0,0 +1,68 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum:0x479306411084bD75b8Ce9Dd488e64f212b8336b2](https://etherscan.io/address/0x479306411084bD75b8Ce9Dd488e64f212b8336b2#readContract) +- Audit report(s): + - [Acre audits](https://acre.fi/assets/stbtc-smart-contracts-audit.pdf) + +## Context +Users deposit BTC and receive stBTC representing their deposited BTC. The deposited BTC is deployed to Bitcoin layers that use BTC as their Proof-of-Stake asset, generating rewards for stBTC holders. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `stBTC` ([ethereum:0xdF217EFD8f3ecb5E837aedF203C28c1f06854017](https://etherscan.io/address/0xdF217EFD8f3ecb5E837aedF203C28c1f06854017)) + - admin address: [ethereum:0x790Dda4c56b3c45d0e4514eDbAaBa30D7129c857](https://etherscan.io/address/0x790Dda4c56b3c45d0e4514eDbAaBa30D7129c857#code) + - admin type: multisig + - multisig threshold/signers: 3/7 + + + - upgradeable component: `Portal` ([ethereum:0xAB13B8eecf5AA2460841d75da5d5D861fD5B8A39](https://etherscan.io/address/0xAB13B8eecf5AA2460841d75da5d5D861fD5B8A39#code)) + - admin address: [ethereum:0x98D8899c3030741925BE630C710A98B57F397C7a](https://etherscan.io/address/0x98D8899c3030741925BE630C710A98B57F397C7a#code) + - admin type: multisig + - multisig threshold/signers: 5/9 + + #### A note on pricing approach. + The price is calculated via a totalAssets / totalSupply approach. totalAssets is calculated via + ```solidity + function totalAssets() public view override returns (uint256) { + return + IERC20(asset()).balanceOf(address(this)) + + dispatcher.totalAssets() + + totalDebt; + } + ``` + Where debt can be publicly minted by anyone if his `allowedDebt[msg.sender]` is not exceeded. The admin who can set this limit for any account is a 3/7 Multisig at [ethereum:0x790Dda4c56b3c45d0e4514eDbAaBa30D7129c857](https://etherscan.io/address/0x790Dda4c56b3c45d0e4514eDbAaBa30D7129c857). + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + Various token balances are being read throughout the rate calculation. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. A common mechanism to calculate share price is chosen (totalAssets / totalSupply) and any external contracts which influence the rate or callable functions which influence the rate are properly guarded by multisigs. From ecd7312d778a44b2f09a9b48d2b3208debf4afb9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 12 Sep 2024 15:58:50 +0200 Subject: [PATCH 14/68] Add checked by --- rate-providers/stBTCRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/stBTCRateProvider.md b/rate-providers/stBTCRateProvider.md index 4bd3136..47bb664 100644 --- a/rate-providers/stBTCRateProvider.md +++ b/rate-providers/stBTCRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum:0x479306411084bD75b8Ce9Dd488e64f212b8336b2](https://etherscan.io/address/0x479306411084bD75b8Ce9Dd488e64f212b8336b2#readContract) - Audit report(s): From e339fadecbb2f7283155f5fbfd0aaa234156b6e3 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 18 Sep 2024 08:22:15 +0200 Subject: [PATCH 15/68] balETH ERC4626 Rate Provider Fixes #148 --- rate-providers/TokemakRateProvider.md | 51 +++++++++++++++++++++++++++ rate-providers/registry.json | 10 ++++++ 2 files changed, 61 insertions(+) create mode 100644 rate-providers/TokemakRateProvider.md diff --git a/rate-providers/TokemakRateProvider.md b/rate-providers/TokemakRateProvider.md new file mode 100644 index 0000000..dc0235e --- /dev/null +++ b/rate-providers/TokemakRateProvider.md @@ -0,0 +1,51 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum:0xd4580a56e715F14Ed9d340Ff30147d66230d44Ba](https://etherscan.io/address/0xd4580a56e715F14Ed9d340Ff30147d66230d44Ba#readContract) +- Audit report(s): + - [Tokemak audits](https://docs.tokemak.xyz/developer-docs/security-and-audits) + +## Context +An Autopool, which use the highly composable ERC-4626 standard and can be configured with a set of destinations (pools and DEXs) to which assets may be deployed to. In this particular rate provider the Autopool's assets are distributed accross the Balancer ecosystem where the base asset is Ether. For more information see also the [tokemak app](https://app.tokemak.xyz/autopool?id=0x6dC3ce9C57b20131347FDc9089D740DAf6eB34c5). +Assets deposited into an Autopool are not subject to any lock ups or cooldown periods, meaning that users can withdraw their funds at any time. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work with Balancer pools. However due to the time-boxed nature of this review and the high complexity of the underlying Tokemak Autopool product, this review could not cover the total path of how the rate is computed. The approach used to rate calculation is the common totalAssets / totalSupply approach usually used by yield-bearing vault type products. One thing to mention is that for a user, there are essentially two ways to exit an Autopool. Either, by withdrawing the ERC4626 vault's `asset` or selling balETH into the the pool where this rate provider is used. Depending on withdraw size, the rate the pool uses can differ between the rate used on `withdraw` (hint:slippage) from the Vault. For more information also see the developer comments in `AutopoolDebt.sol:withdraw()`. + +Additionally During initial Autopool deployment rates are expected to be more dynamic. For more context see the developers comments +> Right now the the balETH Autopool has done two rebalances and there is value loss associated with that... slippage and fee's swapping from WETH to wstETH/ETHx/rsETH. Since its so early in the deployment, it also hasn't performed any reward claiming and auto-compounds so it hasn't had a chance to make up lost value yet. We'd expect this on every Autopool for the first few days after the first rebalances. + + +The suggestions is to revisit this rate provider review once the pool has gained traction and conduct a more thorough review of the underlying Tokemak system. \ No newline at end of file diff --git a/rate-providers/registry.json b/rate-providers/registry.json index d963a02..ca9e545 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1399,6 +1399,15 @@ "implementationReviewed": "0xd7097af27b14e204564c057c636022fae346fe60" } ] + }, + "0xd4580a56e715F14Ed9d340Ff30147d66230d44Ba": { + "asset": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./TokemakRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "fantom": { @@ -1561,6 +1570,7 @@ "factory": "", "upgradeableComponents": [] }, + "0x5F62fd24941B585b91EB059E0ea1a7e729357511": { "asset": "0xf0E7eC247b918311afa054E0AEdb99d74c31b809", "name": "ERC4626RateProvider", From 0125aac580848c93240487a31bb0c7a0a36d7329 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 18 Sep 2024 13:15:44 +0200 Subject: [PATCH 16/68] add note on upgradeability --- rate-providers/TokemakRateProvider.md | 1 + 1 file changed, 1 insertion(+) diff --git a/rate-providers/TokemakRateProvider.md b/rate-providers/TokemakRateProvider.md index dc0235e..8f74eb7 100644 --- a/rate-providers/TokemakRateProvider.md +++ b/rate-providers/TokemakRateProvider.md @@ -25,6 +25,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ### Administrative Privileges - [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + - comment: The system uses a minimal proxy architecture, which simply forwards all calls. While the vault is not upgradeable by the usual upgradeable-proxy pattern it needs to be noted that additional downstream components may be upgradeable but were not part of the first review. - [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). From 6ee51cd45add73cd0f571e1a74b08ea1927e6fd0 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Wed, 18 Sep 2024 09:59:37 -0400 Subject: [PATCH 17/68] GYD-Constant-Rate-Providers-Sept-2024 Adding GYD constant rate providers on mainnet: https://etherscan.io/address/0xD43F5a722e8e7355D790adda4642f392Dfb820a1 and Arbitrum: https://arbiscan.io/address/0x72F6Da3b4bd0Ab7028F52339Ee3B1f94fffe2dD0 At the request of issue #150 --- rate-providers/GYDConstantRateProvider.md | 2 ++ rate-providers/registry.json | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/rate-providers/GYDConstantRateProvider.md b/rate-providers/GYDConstantRateProvider.md index 12c7797..ed69a15 100644 --- a/rate-providers/GYDConstantRateProvider.md +++ b/rate-providers/GYDConstantRateProvider.md @@ -5,6 +5,8 @@ - Checked by: @danielmkm - Deployed at: - [arbitrum:0x3a216B01db971Bf28D171C9dA44Cc8C89867697F](https://arbiscan.io/address/0x3a216B01db971Bf28D171C9dA44Cc8C89867697F#code) + - [arbitrum:0x72F6Da3b4bd0Ab7028F52339Ee3B1f94fffe2dD0](https://arbiscan.io/address/0x72F6Da3b4bd0Ab7028F52339Ee3B1f94fffe2dD0#code) + - [ethereum:0xD43F5a722e8e7355D790adda4642f392Dfb820a1](https://etherscan.io/address/0xD43F5a722e8e7355D790adda4642f392Dfb820a1#code) - Audit report(s): - [Gyro audits](https://docs.gyro.finance/gyroscope-protocol/audit-reports) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index d963a02..a12a881 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -425,6 +425,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x72F6Da3b4bd0Ab7028F52339Ee3B1f94fffe2dD0": { + "asset": "0xCA5d8F8a8d49439357d3CF46Ca2e720702F132b8", + "name": "ConstantRateProvider", + "summary": "safe", + "review": "./GYDConstantRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "avalanche": { @@ -1399,6 +1408,15 @@ "implementationReviewed": "0xd7097af27b14e204564c057c636022fae346fe60" } ] + }, + "0xD43F5a722e8e7355D790adda4642f392Dfb820a1": { + "asset": "0xe07f9d810a48ab5c3c914ba3ca53af14e4491e8a", + "name": "ConstantRateProvider", + "summary": "safe", + "review": "./GYDConstantRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "fantom": { From ba1ef881037bc97f626c638b75cfef9be4a3ebbf Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 18 Sep 2024 18:32:46 +0200 Subject: [PATCH 18/68] Add checked by --- rate-providers/TokemakRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/TokemakRateProvider.md b/rate-providers/TokemakRateProvider.md index 8f74eb7..4b93689 100644 --- a/rate-providers/TokemakRateProvider.md +++ b/rate-providers/TokemakRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum:0xd4580a56e715F14Ed9d340Ff30147d66230d44Ba](https://etherscan.io/address/0xd4580a56e715F14Ed9d340Ff30147d66230d44Ba#readContract) - Audit report(s): From c61f299b6ec9817bec0113145ed3c4de0eff01b1 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Thu, 19 Sep 2024 15:35:40 -0400 Subject: [PATCH 19/68] Update-issue-request-form Adds in optional sections for token addresses of underlying rate providers to be added; prompting users to put these links in the additional links section when it applies. Also adding an open end section for additional comments and clarifications for non-Balancer contributors to better communicate when starting off the review process. --- .github/ISSUE_TEMPLATE/review-request.yml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/review-request.yml b/.github/ISSUE_TEMPLATE/review-request.yml index 7ca99e4..1ebd7a1 100644 --- a/.github/ISSUE_TEMPLATE/review-request.yml +++ b/.github/ISSUE_TEMPLATE/review-request.yml @@ -31,15 +31,23 @@ body: id: contract attributes: label: Contract Source Code - description: Please link to the verified contract deployment on etherscan. If not yet deployed, please link to the contract source on GitHub. - placeholder: https://etherscan.io/address/0xBA12222222228d8Ba445958a75a0704d566BF2C8#code + description: Please link to the verified contract deployment on the block explorer. If not yet deployed, please link to the contract source on GitHub. + placeholder: https://etherscan.io/address/0x1a8f81c256aee9c640e14bb0453ce247ea0dfe6f#code validations: required: true + - type: input + id: contract + attributes: + label: Asset Contract Source Code + description: Please link to the verified contract deployment of the underlying asset this rate provider corresponds to on the block explorer. + placeholder: https://etherscan.io/address/0xae78736cd615f374d3085123a210448e74fc6393#code + validations: + required: false - type: textarea id: more-links attributes: label: Additional Links - description: If this contract has multiple instances or is deployed to multiple networks, please provide the remaining links here. + description: If this contract has multiple instances or is deployed to multiple networks, please provide the remaining links for both the contract and the corresponding assets here. placeholder: https://etherscan.io/address/0xBA12222222228d8Ba445958a75a0704d566BF2C8#code validations: required: false @@ -73,3 +81,11 @@ body: required: true - label: If upgradeable, the contract's administrator is not an EOA. required: true + - type: textarea + id: comments + attributes: + label: Additional Comments & Clarifications + description: If the submitted contract(s) or their dependencies require additional comments or clarifications, please provide them here. + placeholder: This contract currently appears to be upgradeable by an EOA, but will be transferred to a 3/5 safe before pool deployment. + validations: + required: false \ No newline at end of file From 21066f1e2b700f9b347aa08a1af7a82de6737c8a Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Fri, 20 Sep 2024 14:19:16 +0200 Subject: [PATCH 20/68] Update review-request.yml make input label unique --- .github/ISSUE_TEMPLATE/review-request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/review-request.yml b/.github/ISSUE_TEMPLATE/review-request.yml index 1ebd7a1..8320e19 100644 --- a/.github/ISSUE_TEMPLATE/review-request.yml +++ b/.github/ISSUE_TEMPLATE/review-request.yml @@ -36,7 +36,7 @@ body: validations: required: true - type: input - id: contract + id: asset-contract attributes: label: Asset Contract Source Code description: Please link to the verified contract deployment of the underlying asset this rate provider corresponds to on the block explorer. @@ -88,4 +88,4 @@ body: description: If the submitted contract(s) or their dependencies require additional comments or clarifications, please provide them here. placeholder: This contract currently appears to be upgradeable by an EOA, but will be transferred to a 3/5 safe before pool deployment. validations: - required: false \ No newline at end of file + required: false From 075c8e31386f78046e2c815d62b056ffab1e6497 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 25 Sep 2024 11:04:06 +0200 Subject: [PATCH 21/68] Fraxtal wstETH API3 Rate Provider Fixes #151 --- rate-providers/API3RateProvider.md | 4 +++- rate-providers/registry.json | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/rate-providers/API3RateProvider.md b/rate-providers/API3RateProvider.md index 7578546..4eb0aad 100644 --- a/rate-providers/API3RateProvider.md +++ b/rate-providers/API3RateProvider.md @@ -5,6 +5,8 @@ - Checked by: @danielmkm - Deployed at: - [mode:0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22](https://modescan.io/address/0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22/contract/34443/code) + - [mode:0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c](https://explorer.mode.network/address/0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c?tab=contract) + - [fraxtal:0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d](https://fraxscan.com/address/0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d#readContract) - Audit report(s): - [API3 audits](https://dapi-docs.api3.org/reference/dapis/understand/security.html) @@ -90,4 +92,4 @@ To save time, we do not bother pointing out low-severity/informational issues or ## Conclusion **Summary judgment: SAFE** -This rate provider should work well with Balancer pools. API3 updates the rate on mode regularly and has various protections in place to ensure appropriate values are forwarded. +These rate providers should work well with Balancer pools. API3 updates the rate on mode & fraxtal regularly and has various protections in place to ensure appropriate values are forwarded. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 420449e..120f05a 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1495,6 +1495,15 @@ "implementationReviewed": "0xd295936C8Bb465ADd1eC756a51698127CB4F4910" } ] + }, + "0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d": { + "asset": "", + "name": "", + "summary": "safe", + "review": "./API3RateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "gnosis": { @@ -1617,6 +1626,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c": { + "asset": "", + "name": "Api3AggregatorAdaptor", + "summary": "safe", + "review": "./API3RateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "optimism": { From 9ab9cbe57229b600b53e98fe980662f867bd851e Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 25 Sep 2024 15:13:37 +0200 Subject: [PATCH 22/68] Affine Rate Providers (2) Fixes #149 --- .../AffineLiquidRestakingRateProviders.md | 99 +++++++++++++++++++ rate-providers/registry.json | 36 +++++++ 2 files changed, 135 insertions(+) create mode 100644 rate-providers/AffineLiquidRestakingRateProviders.md diff --git a/rate-providers/AffineLiquidRestakingRateProviders.md b/rate-providers/AffineLiquidRestakingRateProviders.md new file mode 100644 index 0000000..4f8b7cb --- /dev/null +++ b/rate-providers/AffineLiquidRestakingRateProviders.md @@ -0,0 +1,99 @@ +# Rate Provider: `PriceFeed` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum:0x4E4C0ea425bacc68cD2Acbf1cdaa234bE9Dd8742](https://etherscan.io/address/0x4E4C0ea425bacc68cD2Acbf1cdaa234bE9Dd8742) + - [ethereum:0x3e47F17725628Fde5330C2310B799545ef40C93e](https://etherscan.io/address/0x3e47F17725628Fde5330C2310B799545ef40C93e) +- Audit report(s): + - [Affine audits](https://docs.affinedefi.com/security/audit-reports) + +## Context +Affine ultraLRTs are Symbiotic and Eigenlayer Liquid Restaking Tokens (LRTs). Affine UltraLRT vaults expose an exchange rate of affine vault share <-> affine vault asset via a rate provider. The approach to computing the rate is based on an totalAssets / totalShares approach. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges + +#### UltraEthS +- [x] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + - admin address: [ethereum:0x551B8c62F961640278506b408a751CC29A3f4471](https://etherscan.io/address/0x551B8c62F961640278506b408a751CC29A3f4471) + - admin type: EOA + - multisig threshold/signers: N.A + - multisig timelock? YES: 24 hours minDelay. + - timelock address: [ethereum:0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e](https://etherscan.io/address/0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e) + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `UltraLRT` ([ethereum:0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131](https://etherscan.io/address/0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131)) + - admin address: [ethereum:0x551B8c62F961640278506b408a751CC29A3f4471](https://etherscan.io/address/0x551B8c62F961640278506b408a751CC29A3f4471) + - admin type: EOA + - multisig threshold/signers: N.A + - multisig timelock? YES: 24 hours minDelay. + - timelock address: [ethereum:0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e](https://etherscan.io/address/0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e) + +#### UltraETH +- [x] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + - admin address: [ethereum:0x551B8c62F961640278506b408a751CC29A3f4471](https://etherscan.io/address/0x551B8c62F961640278506b408a751CC29A3f4471) + - admin type: EOA + - multisig threshold/signers: N.A + - multisig timelock? YES: 24 hours minDelay. + - timelock address: [ethereum:0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e](https://etherscan.io/address/0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e) + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `UltraLRT` ([ethereum:0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131](https://etherscan.io/address/0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131)) + - admin address: [ethereum:0x551B8c62F961640278506b408a751CC29A3f4471](https://etherscan.io/address/0x551B8c62F961640278506b408a751CC29A3f4471) + - admin type: EOA + - multisig threshold/signers: N.A + - multisig timelock? YES: 24 hours minDelay. + - timelock address: [ethereum:0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e](https://etherscan.io/address/0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e) + + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: Chainlink + - source address: [ethereum:0x86392dC19c0b719886221c78AB11eb8Cf5c52812](https://etherscan.io/address/0x86392dC19c0b719886221c78AB11eb8Cf5c52812) + - any protections? No, the CL feed is only used to price steth. + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Providers are susceptible to donation attacks. + - comment: `vaultAssets()` uses a `balanceOf`. + ```solidity + /** + * @notice Get the total assets + */ + function totalAssets() public view override returns (uint256) { + return vaultAssets() + delegatorAssets - lockedProfit(); + } + + /** + * @notice Get the vault liquid assets + */ + function vaultAssets() public view returns (uint256) { + return IERC20MetadataUpgradeable(asset()).balanceOf(address(this)); + } + ``` + Part of the rate depends on the balance of the Vault's asset, which is a common occurrence. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +### M-01: EOA upgradeability +Even though the systems upgradeability is behind a timelock with 1 day delay, the Timelock controller both has as the proposer and executor an EOA. It would be more secure if for example the proposer was moved to a multisig. + + +## Conclusion +**Summary judgment: SAFE** + +These rate providers should work well with Balancer pools. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 420449e..eaa0126 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1426,6 +1426,42 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x4E4C0ea425bacc68cD2Acbf1cdaa234bE9Dd8742": { + "asset": "0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131", + "name": "PriceFeed", + "summary": "unsafe", + "review": "./AffineLiquidRestakingRateProviders.md", + "warnings": ["eoaUpgradeable"], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x4E4C0ea425bacc68cD2Acbf1cdaa234bE9Dd8742", + "implementationReviewed": "0x8022d3b6928cBA328899C8fD29734655aDafb0f4" + }, + { + "entrypoint": "0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131", + "implementationReviewed": "0xCee23c4724D70Ad9F327Cc86947f690494c15D48" + } + ] + }, + "0x3e47F17725628Fde5330C2310B799545ef40C93e": { + "asset": "0xcbC632833687DacDcc7DfaC96F6c5989381f4B47", + "name": "PriceFeed", + "summary": "unsafe", + "review": "./AffineLiquidRestakingRateProviders.md", + "warnings": ["eoaUpgradeable"], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x3e47F17725628Fde5330C2310B799545ef40C93e", + "implementationReviewed": "0x8022d3b6928cba328899c8fd29734655adafb0f4" + }, + { + "entrypoint": "0xcbC632833687DacDcc7DfaC96F6c5989381f4B47", + "implementationReviewed": "0xcee23c4724d70ad9f327cc86947f690494c15d48" + } + ] } }, "fantom": { From e76882d1c4eb12bc61c20e2f049dc9e11552a5b5 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Thu, 26 Sep 2024 13:08:18 -0400 Subject: [PATCH 23/68] stataEthCrvUSD-&-stataEthLUSD Adding review information and merging stataEthCrvUSD + stataEthLUSD to the registry. --- rate-providers/registry.json | 36 ++++++++++++++++++++++ rate-providers/statATokenLMRateProvider.md | 22 +++++++++++++ 2 files changed, 58 insertions(+) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 420449e..630eca0 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -931,6 +931,42 @@ } ] }, + "0x3fc2eada4FE8ecc835E74D295b9447B4A4475bAE": { + "asset": "0x848107491E029AFDe0AC543779c7790382f15929", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [""], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x848107491E029AFDe0AC543779c7790382f15929", + "implementationReviewed": "0xc026f5dd7869e0ddc44a759ea3dec6d5cd8d996b" + }, + { + "entrypoint": "0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2", + "implementationReviewed": "0x5faab9e1adbddad0a08734be8a52185fd6558e14" + } + ] + }, + "0x159aa33322918C12a08d8b83a215836781C2682F": { + "asset": "0xDBf5E36569798D1E39eE9d7B1c61A7409a74F23A", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [""], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xDBf5E36569798D1E39eE9d7B1c61A7409a74F23A", + "implementationReviewed": "0xc026f5dd7869e0ddc44a759ea3dec6d5cd8d996b" + }, + { + "entrypoint": "0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2", + "implementationReviewed": "0x5faab9e1adbddad0a08734be8a52185fd6558e14" + } + ] + }, "0xC29783738A475112Cafe58433Dd9D19F3a406619": { "asset": "0xf073bAC22DAb7FaF4a3Dd6c6189a70D54110525C", "name": "GenEthRateProvider", diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 7e64ddd..945cc94 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md @@ -5,6 +5,8 @@ - Checked by: @danielmkm - Deployed at: - [ethereum:0xda3E8CD08753a05Ed4103aF28c69C47e35d6D8Da](https://etherscan.io/address/0xda3E8CD08753a05Ed4103aF28c69C47e35d6D8Da#code) + - [ethereum:0x3fc2eada4FE8ecc835E74D295b9447B4A4475bAE](https://etherscan.io/address/0x3fc2eada4FE8ecc835E74D295b9447B4A4475bAE#code) + - [ethereum:0x159aa33322918C12a08d8b83a215836781C2682F](https://etherscan.io/address/0x159aa33322918C12a08d8b83a215836781C2682F#code) - [polygon:0x7d10050F608c8EFFf118eDd1416D82a0EF2d7531](https://polygonscan.com/address/0x7d10050F608c8EFFf118eDd1416D82a0EF2d7531) - [polygon:0x9977a61a6aa950044d4dcD8aA0cAb76F84ea5aCd](https://polygonscan.com/address/0x9977a61a6aa950044d4dcD8aA0cAb76F84ea5aCd) - [arbitrum:0x87cD462A781c0ca843EAB131Bf368328848bB6fD](https://arbiscan.io/address/0x87cd462a781c0ca843eab131bf368328848bb6fd) @@ -48,6 +50,26 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours + - [ethereum:0x3fc2eada4FE8ecc835E74D295b9447B4A4475bAE](https://etherscan.io/address/0x3fc2eada4FE8ecc835E74D295b9447B4A4475bAE#code) + - upgradeable component: `StaticATokenLM` ([ethereum:0x848107491E029AFDe0AC543779c7790382f15929](https://etherscan.io/address/0x848107491E029AFDe0AC543779c7790382f15929#readProxyContract)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `Pool` ([ethereum:0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2](https://etherscan.io/address/0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2#readProxyContract)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours + + - [ethereum:0x159aa33322918C12a08d8b83a215836781C2682F](https://etherscan.io/address/0x159aa33322918C12a08d8b83a215836781C2682F#code) + - upgradeable component: `StaticATokenLM` ([ethereum:0xDBf5E36569798D1E39eE9d7B1c61A7409a74F23A](https://etherscan.io/address/0xDBf5E36569798D1E39eE9d7B1c61A7409a74F23A#readProxyContract)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `Pool` ([ethereum:0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2](https://etherscan.io/address/0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2#readProxyContract)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours + - [polygon:0x7d10050F608c8EFFf118eDd1416D82a0EF2d7531](https://polygonscan.com/address/0x7d10050F608c8EFFf118eDd1416D82a0EF2d7531) - upgradeable component: `StaticATokenLM` ([polygon:0x2dCa80061632f3F87c9cA28364d1d0c30cD79a19](https://polygonscan.com/address/0x2dCa80061632f3F87c9cA28364d1d0c30cD79a19#readProxyContract)) - admin address: [polygon:0xDf7d0e6454DB638881302729F5ba99936EaAB233](https://polygonscan.com/address/0xDf7d0e6454DB638881302729F5ba99936EaAB233#code) From b22026b055699d51b3a4ec9e2176e1ad1915f1dc Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Thu, 26 Sep 2024 14:52:31 -0400 Subject: [PATCH 24/68] Update registry.json Adding addresses and name for Fraxtal instance. Please double check with my comment above prior to merging. --- rate-providers/registry.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 120f05a..e9b2652 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1497,8 +1497,8 @@ ] }, "0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d": { - "asset": "", - "name": "", + "asset": "0x748e54072189Ec8540cD58A078404ebFDc2aACeA", + "name": "Api3AggregatorAdaptor", "summary": "safe", "review": "./API3RateProvider.md", "warnings": [], @@ -1628,7 +1628,7 @@ "upgradeableComponents": [] }, "0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c": { - "asset": "", + "asset": "0x98f96A4B34D03a2E6f225B28b8f8Cb1279562d81", "name": "Api3AggregatorAdaptor", "summary": "safe", "review": "./API3RateProvider.md", From b5316345fa6d94e03b86394fc5a38b9bc480b4dd Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Fri, 27 Sep 2024 09:36:51 +0200 Subject: [PATCH 25/68] review: add correct admin --- .../AffineLiquidRestakingRateProviders.md | 16 ++++++---------- rate-providers/registry.json | 8 ++++---- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/rate-providers/AffineLiquidRestakingRateProviders.md b/rate-providers/AffineLiquidRestakingRateProviders.md index 4f8b7cb..881872b 100644 --- a/rate-providers/AffineLiquidRestakingRateProviders.md +++ b/rate-providers/AffineLiquidRestakingRateProviders.md @@ -27,17 +27,17 @@ If none of these is checked, then this might be a pretty great Rate Provider! If #### UltraEthS - [x] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). - - admin address: [ethereum:0x551B8c62F961640278506b408a751CC29A3f4471](https://etherscan.io/address/0x551B8c62F961640278506b408a751CC29A3f4471) - - admin type: EOA - - multisig threshold/signers: N.A + - admin address: [ethereum:0x67Ec3Bb25a5DB6eB7Ba74f6C0b2bA193A3983FB8](https://etherscan.io/address/0x67Ec3Bb25a5DB6eB7Ba74f6C0b2bA193A3983FB8#code) + - admin type: Multisig + - multisig threshold/signers: 2/4 - multisig timelock? YES: 24 hours minDelay. - timelock address: [ethereum:0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e](https://etherscan.io/address/0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e) - [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). - upgradeable component: `UltraLRT` ([ethereum:0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131](https://etherscan.io/address/0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131)) - - admin address: [ethereum:0x551B8c62F961640278506b408a751CC29A3f4471](https://etherscan.io/address/0x551B8c62F961640278506b408a751CC29A3f4471) - - admin type: EOA - - multisig threshold/signers: N.A + - admin address: [ethereum:0x67Ec3Bb25a5DB6eB7Ba74f6C0b2bA193A3983FB8](https://etherscan.io/address/0x67Ec3Bb25a5DB6eB7Ba74f6C0b2bA193A3983FB8#code) + - admin type: Multisig + - multisig threshold/signers: 2/4 - multisig timelock? YES: 24 hours minDelay. - timelock address: [ethereum:0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e](https://etherscan.io/address/0x4B21438ffff0f0B938aD64cD44B8c6ebB78ba56e) @@ -89,10 +89,6 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. -### M-01: EOA upgradeability -Even though the systems upgradeability is behind a timelock with 1 day delay, the Timelock controller both has as the proposer and executor an EOA. It would be more secure if for example the proposer was moved to a multisig. - - ## Conclusion **Summary judgment: SAFE** diff --git a/rate-providers/registry.json b/rate-providers/registry.json index eaa0126..ddb947f 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1430,9 +1430,9 @@ "0x4E4C0ea425bacc68cD2Acbf1cdaa234bE9Dd8742": { "asset": "0xF0a949B935e367A94cDFe0F2A54892C2BC7b2131", "name": "PriceFeed", - "summary": "unsafe", + "summary": "safe", "review": "./AffineLiquidRestakingRateProviders.md", - "warnings": ["eoaUpgradeable"], + "warnings": [], "factory": "", "upgradeableComponents": [ { @@ -1448,9 +1448,9 @@ "0x3e47F17725628Fde5330C2310B799545ef40C93e": { "asset": "0xcbC632833687DacDcc7DfaC96F6c5989381f4B47", "name": "PriceFeed", - "summary": "unsafe", + "summary": "safe", "review": "./AffineLiquidRestakingRateProviders.md", - "warnings": ["eoaUpgradeable"], + "warnings": [], "factory": "", "upgradeableComponents": [ { From 5604fc12e2e9e6a6e2fa2e55a468868d8d43de47 Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 27 Sep 2024 10:50:32 +0200 Subject: [PATCH 26/68] add checked by --- rate-providers/AffineLiquidRestakingRateProviders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/AffineLiquidRestakingRateProviders.md b/rate-providers/AffineLiquidRestakingRateProviders.md index 881872b..b60dc93 100644 --- a/rate-providers/AffineLiquidRestakingRateProviders.md +++ b/rate-providers/AffineLiquidRestakingRateProviders.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum:0x4E4C0ea425bacc68cD2Acbf1cdaa234bE9Dd8742](https://etherscan.io/address/0x4E4C0ea425bacc68cD2Acbf1cdaa234bE9Dd8742) - [ethereum:0x3e47F17725628Fde5330C2310B799545ef40C93e](https://etherscan.io/address/0x3e47F17725628Fde5330C2310B799545ef40C93e) From 7a0ac00764a9bd14fd4d2d5747e81ec04d209f56 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Fri, 27 Sep 2024 11:05:31 +0200 Subject: [PATCH 27/68] review: add factories --- rate-providers/registry.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 630eca0..08a9353 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -937,7 +937,7 @@ "summary": "safe", "review": "./statATokenLMRateProvider.md", "warnings": [""], - "factory": "", + "factory": "https://etherscan.io/address/0xfc541f8d8c5e907e236c8931f0df9f58e0c259ec", "upgradeableComponents": [ { "entrypoint": "0x848107491E029AFDe0AC543779c7790382f15929", @@ -955,7 +955,7 @@ "summary": "safe", "review": "./statATokenLMRateProvider.md", "warnings": [""], - "factory": "", + "factory": "0xFC541f8d8c5e907E236C8931F0Df9F58e0C259Ec", "upgradeableComponents": [ { "entrypoint": "0xDBf5E36569798D1E39eE9d7B1c61A7409a74F23A", From 8ae4735084a3bed967a02344ece39524de413718 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 1 Oct 2024 11:32:09 +0200 Subject: [PATCH 28/68] Paxos wUSDL ERC4626 Fixes #163 --- rate-providers/registry.json | 18 +++++++ rate-providers/wUSDLPaxosRateProvider.md | 64 ++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 rate-providers/wUSDLPaxosRateProvider.md diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 68632b2..5989f44 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -434,6 +434,24 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x4d494eF5CB1143991F7F767567aD7f55bCfDc279": { + "asset": "0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./wUSDLPaxosRateProvider.md", + "warnings": [], + "factory": "0xe548a29631f9e49830be8edc22d407b2d2915f31", + "upgradeableComponents": [ + { + "entrypoint": "0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559", + "implementationReviewed": "0x2954C85E7e2B841d0e9A9fdcC09Dac1274057D71" + }, + { + "entrypoint": "0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe", + "implementationReviewed": "0xF393cf22308C3B0dE868ec125834A9F065C11CeC" + } + ] } }, "avalanche": { diff --git a/rate-providers/wUSDLPaxosRateProvider.md b/rate-providers/wUSDLPaxosRateProvider.md new file mode 100644 index 0000000..89bd571 --- /dev/null +++ b/rate-providers/wUSDLPaxosRateProvider.md @@ -0,0 +1,64 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [arbitrum:0x4d494eF5CB1143991F7F767567aD7f55bCfDc279](https://arbiscan.io/address/0x4d494eF5CB1143991F7F767567aD7f55bCfDc279#code) +- Audit report(s): + - [USDL audits](https://github.com/paxosglobal/ybs-contract/blob/master/audits/REP-final-20240301T145234Z.pdf) + +## Context +USDL is a yield-bearing stablecoin that safely distributes yield generated by its cash and cash equivalent reserve assets. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `wYBSV1` ([arbitrum:0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559](https://arbiscan.io/address/0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559#readProxyContract)) + - admin address: [arbitrum:0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5](https://arbiscan.io/address/0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5#code) + - admin type: multisig + - multisig threshold/signers: \ + - multisig timelock? \ + + - upgradeable component: `YBSV1` ([arbitrum:0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe](https://arbiscan.io/address/0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe#code)) + - admin address: [arbitrum:0x0E5087e19EB58e28DDF9F341b550BE6797547BF7](https://arbiscan.io/address/0x0E5087e19EB58e28DDF9F341b550BE6797547BF7#code) + - admin type: multisig + - multisig threshold/signers: \ + - multisig timelock? \ + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + +The rate providers rate calculation approach is based on dividing totalAssets over totalSupply. With a donation `totalAssets()` can be influenced. The implementation is based on reading the `balanceOf` as can be seen in the below implementation code snippet +```solidity +/** @dev See {IERC4626-totalAssets}. */ +function totalAssets() public view virtual override returns (uint256) { + return _asset.balanceOf(address(this)); +} +``` + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. The upgradeability mechanism is properly guarded behind a multisig and the rate approach follows one of the industry standards. From 74f6530eec3c71474638a3bbe27a4c6d18cdc3b5 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 1 Oct 2024 11:48:58 +0200 Subject: [PATCH 29/68] inETH Mode api3 Rate Provider Fixes #161 --- rate-providers/API3RateProvider.md | 1 + rate-providers/registry.json | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/rate-providers/API3RateProvider.md b/rate-providers/API3RateProvider.md index 4eb0aad..a0fb57d 100644 --- a/rate-providers/API3RateProvider.md +++ b/rate-providers/API3RateProvider.md @@ -7,6 +7,7 @@ - [mode:0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22](https://modescan.io/address/0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22/contract/34443/code) - [mode:0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c](https://explorer.mode.network/address/0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c?tab=contract) - [fraxtal:0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d](https://fraxscan.com/address/0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d#readContract) + - [mode:0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B](https://explorer.mode.network/address/0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B?tab=read_contract) - Audit report(s): - [API3 audits](https://dapi-docs.api3.org/reference/dapis/understand/security.html) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 68632b2..fd0854a 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1707,6 +1707,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B": { + "asset": "0x5A7a183B6B44Dc4EC2E3d2eF43F98C5152b1d76d", + "name": "Api3AggregatorAdaptor", + "summary": "safe", + "review": "./API3RateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "optimism": { From c3293c28be98617110343f968797b2c0baf66a73 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 2 Oct 2024 11:12:16 +0200 Subject: [PATCH 30/68] Angle stUSD Mode Rate Provider Fixes #162 --- rate-providers/AngleStakedUSDARateProvider.md | 99 +++++++++++++++++++ rate-providers/registry.json | 13 +++ 2 files changed, 112 insertions(+) create mode 100644 rate-providers/AngleStakedUSDARateProvider.md diff --git a/rate-providers/AngleStakedUSDARateProvider.md b/rate-providers/AngleStakedUSDARateProvider.md new file mode 100644 index 0000000..1b53468 --- /dev/null +++ b/rate-providers/AngleStakedUSDARateProvider.md @@ -0,0 +1,99 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [mode:0xac8fae65008cbb22a27103160452418aa3c84128](https://explorer.mode.network/address/0xac8fae65008cbb22a27103160452418aa3c84128?tab=read_contract) +- Audit report(s): + - [No audit](no audits were provided for this review) + +## Context +stUSD is a staked version of USDA earning a native USD yield paid in USDA. It is a yield-bearing ERC-20 token that can be freely transferred and that is always redeemable for an ever-growing amount of USDA. The value of 1 stUSD is not meant to be $1: it increases over time as yield continuously accrues to it. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `CoreBorrow` (Access control manager) ([mode:0xA61BeB4A3d02decb01039e378237032B351125B4](https://explorer.mode.network/address/0xA61BeB4A3d02decb01039e378237032B351125B4)) + - admin address: [mode:0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805](https://explorer.mode.network/address/0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805?tab=contract) + - admin type: multisig + - multisig threshold/signers: 4/6 + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: The essential part of computing the rate is based on a storage variable called `rate`. which can be updated by various members. + ```solidity + /// @inheritdoc ERC4626Upgradeable + function totalAssets() public view override returns (uint256) { + return _computeUpdatedAssets(super.totalAssets(), block.timestamp - lastUpdate); + } + + /// @notice Computes how much `currentBalance` held in the contract would be after `exp` time following + /// the `rate` of increase + function _computeUpdatedAssets(uint256 currentBalance, uint256 exp) internal view returns (uint256) { + uint256 ratePerSecond = rate; + if (exp == 0 || ratePerSecond == 0) return currentBalance; + uint256 expMinusOne = exp - 1; + uint256 expMinusTwo = exp > 2 ? exp - 2 : 0; + uint256 basePowerTwo = (ratePerSecond * ratePerSecond + HALF_BASE_27) / BASE_27; + uint256 basePowerThree = (basePowerTwo * ratePerSecond + HALF_BASE_27) / BASE_27; + uint256 secondTerm = (exp * expMinusOne * basePowerTwo) / 2; + uint256 thirdTerm = (exp * expMinusOne * expMinusTwo * basePowerThree) / 6; + return (currentBalance * (BASE_27 + ratePerSecond * exp + secondTerm + thirdTerm)) / BASE_27; + } + ``` + Depending on what values this `rate` is set at, the rate provider reports different rates due to the pricing approach being totalAssets / totalSupply. The rate can be set via + ```solidity + function setRate(uint208 newRate) external onlyTrustedOrGuardian { + if (newRate > maxRate) revert InvalidRate(); + _accrue(); + rate = newRate; + emit RateUpdated(newRate); + } + ``` + - source address: + - 2/3 Multisig [mode:0x7DE8289038DF0b89FFEC71Ee48a2BaD572549027](https://explorer.mode.network/address/0x7DE8289038DF0b89FFEC71Ee48a2BaD572549027) + - 4/6 Multisig [mode:0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805](https://explorer.mode.network/address/0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805) + - Timelock minDelay 86400 [mode:0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19](https://explorer.mode.network/address/0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19) which receives proposals via LayerZero from Mainnet. + - any protections? YES: the max rate is set by admins + ```solidity + /// @notice Updates the maximum rate settable + function setMaxRate(uint256 newMaxRate) external onlyGovernor { + maxRate = newMaxRate; + emit MaxRateUpdated(newMaxRate); + } + ``` + Currently [mode:](https://explorer.mode.network/address/0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805) 4/6 Multisig and the Timelock [mode:0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19](https://explorer.mode.network/address/0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19) ( minDelay = 86400 ) can set these max rates. + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + +The rate can be changed via a donation as implied by the `totalAssets()` function implemented as +```solidity +/** @dev See {IERC4262-totalAssets}. */ +function totalAssets() public view virtual override returns (uint256) { + return _asset.balanceOf(address(this)); +} +``` + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. The rate computation approach is a widely used approach of totalAssets / totalSupply and the oracle data required for the increasing rate is guarded behind various multisigs and checks. \ No newline at end of file diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 68632b2..f600ba4 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1707,6 +1707,19 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0xac8fae65008cbb22a27103160452418aa3c84128": { + "asset": "0x0022228a2cc5E7eF0274A7Baa600d44da5aB5776", + "name": "ERC4626RateProvider", + "summary": "", + "review": "./AngleStakedUSDARateProvider.md", + "warnings": [], + "factory": "0x0767bECE12a327A1eD896c48E843AE53a0c313E9", + "upgradeableComponents": [ + { + "entrypoint": "0xA61BeB4A3d02decb01039e378237032B351125B4", + "implementationReviewed": "0x5adDc89785D75C86aB939E9e15bfBBb7Fc086A87" + }] } }, "optimism": { From 7d72cab83b6460604d06eccb47b0ca392dc921d7 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Fri, 4 Oct 2024 11:27:37 +0200 Subject: [PATCH 31/68] Paxos wUSDL ERC4626 Fixes #163 --- rate-providers/wUSDLPaxosRateProvider.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/rate-providers/wUSDLPaxosRateProvider.md b/rate-providers/wUSDLPaxosRateProvider.md index 89bd571..57e8333 100644 --- a/rate-providers/wUSDLPaxosRateProvider.md +++ b/rate-providers/wUSDLPaxosRateProvider.md @@ -29,14 +29,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - upgradeable component: `wYBSV1` ([arbitrum:0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559](https://arbiscan.io/address/0x7751E2F4b8ae93EF6B79d86419d42FE3295A4559#readProxyContract)) - admin address: [arbitrum:0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5](https://arbiscan.io/address/0x501aDc5DfBf329175F9C8f036B523cc720d0F9e5#code) - admin type: multisig - - multisig threshold/signers: \ - - multisig timelock? \ + - multisig threshold/signers: 3/20 - upgradeable component: `YBSV1` ([arbitrum:0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe](https://arbiscan.io/address/0x7F850b0aB1988Dd17B69aC564c1E2857949e4dEe#code)) - admin address: [arbitrum:0x0E5087e19EB58e28DDF9F341b550BE6797547BF7](https://arbiscan.io/address/0x0E5087e19EB58e28DDF9F341b550BE6797547BF7#code) - admin type: multisig - - multisig threshold/signers: \ - - multisig timelock? \ + - multisig threshold/signers: 3/17 ### Oracles From 9ccdbb24b066f675a19b97d7df5a2ced4f9e2379 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Fri, 4 Oct 2024 11:55:34 +0200 Subject: [PATCH 32/68] Angle stUSD Mode Rate Provider Fixes #162 --- rate-providers/AngleStakedUSDARateProvider.md | 4 ++-- rate-providers/registry.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rate-providers/AngleStakedUSDARateProvider.md b/rate-providers/AngleStakedUSDARateProvider.md index 1b53468..0b9dc92 100644 --- a/rate-providers/AngleStakedUSDARateProvider.md +++ b/rate-providers/AngleStakedUSDARateProvider.md @@ -25,7 +25,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ### Administrative Privileges - [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). -- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). - upgradeable component: `CoreBorrow` (Access control manager) ([mode:0xA61BeB4A3d02decb01039e378237032B351125B4](https://explorer.mode.network/address/0xA61BeB4A3d02decb01039e378237032B351125B4)) - admin address: [mode:0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805](https://explorer.mode.network/address/0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805?tab=contract) - admin type: multisig @@ -66,7 +66,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - source address: - 2/3 Multisig [mode:0x7DE8289038DF0b89FFEC71Ee48a2BaD572549027](https://explorer.mode.network/address/0x7DE8289038DF0b89FFEC71Ee48a2BaD572549027) - 4/6 Multisig [mode:0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805](https://explorer.mode.network/address/0x0a393fd662C17cDC08882Ab02D0Db777AF9b5805) - - Timelock minDelay 86400 [mode:0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19](https://explorer.mode.network/address/0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19) which receives proposals via LayerZero from Mainnet. + - Timelock minDelay 86400 [mode:0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19](https://explorer.mode.network/address/0x9a5b060Bd7b8f86c4C0D720a17367729670AfB19) which receives proposals via LayerZero from Mainnet. The remote sender for this process is the Angle governance system at [ethereum:0x748bA9Cd5a5DDba5ABA70a4aC861b2413dCa4436](https://etherscan.io/address/0x748bA9Cd5a5DDba5ABA70a4aC861b2413dCa4436#code). More information about the Angle onchain governance system can be found in the [docs](https://docs.angle.money/governance/angle-dao#angle-onchain-governance-system). - any protections? YES: the max rate is set by admins ```solidity /// @notice Updates the maximum rate settable diff --git a/rate-providers/registry.json b/rate-providers/registry.json index f600ba4..83d880c 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1711,7 +1711,7 @@ "0xac8fae65008cbb22a27103160452418aa3c84128": { "asset": "0x0022228a2cc5E7eF0274A7Baa600d44da5aB5776", "name": "ERC4626RateProvider", - "summary": "", + "summary": "safe", "review": "./AngleStakedUSDARateProvider.md", "warnings": [], "factory": "0x0767bECE12a327A1eD896c48E843AE53a0c313E9", From d1a1d13f0539585fa2940d724aab77ded69cc4cf Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Fri, 4 Oct 2024 09:06:41 -0400 Subject: [PATCH 33/68] Adding Adaptor Address The adaptor address calls getRateSafe from the previously used rate contract to ensure a safety threshold is exercised between each rate update. Therefore no large jumps in rate can occur. --- rate-providers/WeETHs.md | 2 ++ rate-providers/registry.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/rate-providers/WeETHs.md b/rate-providers/WeETHs.md index 324fbc3..a3f6ca2 100644 --- a/rate-providers/WeETHs.md +++ b/rate-providers/WeETHs.md @@ -4,6 +4,8 @@ - Reviewed by: @mkflow27 - Checked by: @\ - Deployed at: + - [ethereum:0x64c04442c4bc85c49782525abe92c8a6fb714b50](https://etherscan.io/address/0x64c04442c4bc85c49782525abe92c8a6fb714b50#code) +- Adaptor to: - [ethereum:0xbe16605B22a7faCEf247363312121670DFe5afBE](https://etherscan.io/address/0xbe16605B22a7faCEf247363312121670DFe5afBE#code) - Audit report(s): - [Symbiotic](https://docs.symbiotic.fi/security) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 8d33044..121ea5b 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1061,7 +1061,7 @@ } ] }, - "0xbe16605B22a7faCEf247363312121670DFe5afBE": { + "0x64C04442C4Bc85C49782525AbE92c8a6fB714b50": { "asset": "0x917ceE801a67f933F2e6b33fC0cD1ED2d5909D88", "name": "AccountantWithRateProviders", "summary": "", From 2d7350f99e79e42bfd5a5657e17b31da0e27ca44 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 8 Oct 2024 15:45:45 +0800 Subject: [PATCH 34/68] Add checked by --- rate-providers/wUSDLPaxosRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/wUSDLPaxosRateProvider.md b/rate-providers/wUSDLPaxosRateProvider.md index 57e8333..7c374a7 100644 --- a/rate-providers/wUSDLPaxosRateProvider.md +++ b/rate-providers/wUSDLPaxosRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [arbitrum:0x4d494eF5CB1143991F7F767567aD7f55bCfDc279](https://arbiscan.io/address/0x4d494eF5CB1143991F7F767567aD7f55bCfDc279#code) - Audit report(s): From 6924a46bca7596c79c3d881152ea4b031cfaebbd Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 8 Oct 2024 16:49:26 +0800 Subject: [PATCH 35/68] Add checked by --- rate-providers/AngleStakedUSDARateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/AngleStakedUSDARateProvider.md b/rate-providers/AngleStakedUSDARateProvider.md index 0b9dc92..296b48c 100644 --- a/rate-providers/AngleStakedUSDARateProvider.md +++ b/rate-providers/AngleStakedUSDARateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [mode:0xac8fae65008cbb22a27103160452418aa3c84128](https://explorer.mode.network/address/0xac8fae65008cbb22a27103160452418aa3c84128?tab=read_contract) - Audit report(s): From 70c08273914dad4ef4286a95b144a517e0f9c4c8 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 9 Oct 2024 17:20:16 +0200 Subject: [PATCH 36/68] review: add summary & wrap up registry --- rate-providers/WeETHs.md | 4 ++-- rate-providers/registry.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rate-providers/WeETHs.md b/rate-providers/WeETHs.md index a3f6ca2..3786393 100644 --- a/rate-providers/WeETHs.md +++ b/rate-providers/WeETHs.md @@ -90,6 +90,6 @@ To save time, we do not bother pointing out low-severity/informational issues or ## Conclusion -**Summary judgment: SAFE/UNSAFE** +**Summary judgment: SAFE** -This rate provider while price data being sent from a multisig still allows for very high or low exchangeRates being stored and the pool accessing this exchange rate to trade with. This is risky as a potentially not verified exchangeRate could be sent such as a hiccup on the exchangeRate decimals. The suggestion would be to for example have `getRate` also check if the rate provider is paused due to a bad exchange rate being sent. +This rate provider should work well with Balancer pools. The rate Provider calls `getRateSafe` of the underlying rate Provider and now ensures that if the system gets paused the call to `getRate` reverts. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 121ea5b..8d082f3 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1064,7 +1064,7 @@ "0x64C04442C4Bc85C49782525AbE92c8a6fB714b50": { "asset": "0x917ceE801a67f933F2e6b33fC0cD1ED2d5909D88", "name": "AccountantWithRateProviders", - "summary": "", + "summary": "safe", "review": "./WeETHs.md", "warnings": [], "factory": "", From 6390b7c5aff94c81abf511ba15504e87b9848795 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Wed, 9 Oct 2024 16:57:31 -0400 Subject: [PATCH 37/68] Add-Factory-Table Adding factory addresses to table for chainlink and erc4626. Easier for partners and internal team to reference. --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index 9dc6e28..d408936 100644 --- a/README.md +++ b/README.md @@ -3,3 +3,20 @@ A collection of smart contract code reviews performed upon friendly request. NOTHING IN THIS REPOSITORY CONSTITUTES A FORMAL AUDIT, AND CODE SHOULD NEVER BE DEPLOYED TO PRODUCTION WITHOUT A FORMAL AUDIT. REVIEWERS ARE HUMAN; MISTAKES WILL BE MADE AND BUGS MISSED. REVIEWERS ARE NOT LIABLE FOR ANY INCIDENT THAT OCCURS POST-REVIEW. THIS IS MERELY A FRIENDLY PEER-REVIEW SERVICE AND SHOULD NOT BE TREATED AS A STAMP OF APPROVAL. REVIEWED CODE IS NOT NECESSARILY BUG-FREE. ALWAYS TRIPLE-CHECK BEFORE INTERACTING WITH SMART CONTRACTS, AND DO NOT TRUST REVIEWERS ON THE BASIS OF REPUTATION ALONE. + +Rate Provider Factories for reference + +| Network | ChainlinkRateProviderFactory | ERC4626RateProviderFactory | +| ---------- | ------------------------------------------ | ------------------------------------------ | +| Arbitrum | 0x1311Fbc9F60359639174c1e7cC2032DbDb5Cc4d1 | 0xe548a29631f9E49830bE8edc22d407b2D2915F31 | +| Avalanche | 0x76578ecf9a141296Ec657847fb45B0585bCDa3a6 | 0xfCe81cafe4b3F7e2263EFc2d907f488EBF2B238E | +| Base | 0x0A973B6DB16C2ded41dC91691Cc347BEb0e2442B | 0xEfD3aF73d3359014f3B864d37AC672A6d3D7ff1A | +| Fraxtal | 0x3f170631ed9821Ca51A59D996aB095162438DC10 | N/A | +| Gnosis | 0xDB8d758BCb971e482B2C45f7F8a7740283A1bd3A | 0x15e86Be6084C6A5a8c17732D398dFbC2Ec574CEC | +| Mainnet | 0x1311Fbc9F60359639174c1e7cC2032DbDb5Cc4d1 | 0xFC541f8d8c5e907E236C8931F0Df9F58e0C259Ec | +| Mode | 0x96484f2aBF5e58b15176dbF1A799627B53F13B6d | 0x0767bECE12a327A1eD896c48E843AE53a0c313E9 | +| Optimism | 0x83E443EF4f9963C77bd860f94500075556668cb8 | 0x02a569eea6f85736E2D63C59E60d27d075E75c33 | +| Polygon | 0xa3b370092aeb56770B23315252aB5E16DAcBF62B | 0x3e89cc86307aF44A77EB29d0c4163d515D348313 | +| Sepolia | 0xA8920455934Da4D853faac1f94Fe7bEf72943eF1 | N/A | +| zkEVM | 0x4132f7AcC9dB7A6cF7BE2Dd3A9DC8b30C7E6E6c8 | N/A | + From 09af55d326043a8a83abb67462c988dddfc69179 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Fri, 11 Oct 2024 12:51:16 -0400 Subject: [PATCH 38/68] stataAvaWAVAX-ERC4626-Rate-Provider Adding the stataAvaWAVAX Rate provider. Admins are based on the Aave PoolAddressesProvider https://snowscan.xyz/address/0xa97684ead0e402dC232d5A977953DF7ECBaB3CDb#readContract per previous instances. @mkflow27 is there any reason we do not reference the proxy admin as well? I find this to be a different address on Avalanche https://snowtrace.io/tx/0xb2d75568c992b57284fc8275becdab2b8e2cc32821017d17b70957f4b9d3a015/eventlog?chainid=43114#:~:text=%2C%20address)View%20Source-,Topics,-0 and Gnosis https://gnosisscan.io/address/0xe892E40C92c2E4D281Be59b2E6300F271d824E75#code, but maybe is a mute point? --- rate-providers/registry.json | 19 ++++++++++++++++++- rate-providers/statATokenLMRateProvider.md | 11 +++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 090b164..15a1c3e 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -532,7 +532,24 @@ "warnings": ["legacy"], "factory": "", "upgradeableComponents": [] - } + }, + "0x484ebac26a05e1feb7909243f293a4f79eef837a": { + "asset": "0x6A02C7a974F1F13A67980C80F774eC1d2eD8f98d", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x6A02C7a974F1F13A67980C80F774eC1d2eD8f98d", + "implementationReviewed": "0xB67347196F551d1f85B7a07e64e0E47E6c9c254a" + }, + { + "entrypoint": "0x794a61358D6845594F94dc1DB02A252b5b4814aD", + "implementationReviewed": "0x1f69d4700B34A1D9F92E55235df414FcC02A8306" + } + ] }, "base": { "0xe1b1e024f4Bc01Bdde23e891E081b76a1A914ddd": { diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 945cc94..15e78a9 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md @@ -18,6 +18,7 @@ - [base:0x4467Ab7BC794bb3929d77e826328BD378bf5392F](https://basescan.org/address/0x4467Ab7BC794bb3929d77e826328BD378bf5392F) - [gnosis:0x821aFE819450A359E29a5209C48f2Fa3321C8AD2](https://gnosisscan.io/address/0x821aFE819450A359E29a5209C48f2Fa3321C8AD2#readContract) - [gnosis:0x5F62fd24941B585b91EB059E0ea1a7e729357511](https://gnosisscan.io/address/0x5F62fd24941B585b91EB059E0ea1a7e729357511#code) + - [avalanche:0x484ebac26a05e1feb7909243f293a4f79eef837a](https://snowtrace.io/address/0x484ebac26a05e1feb7909243f293a4f79eef837a/contract/43114/code) - Audit report(s): - [Formal Verification Report For StaticAToken](https://github.com/bgd-labs/static-a-token-v3/blob/main/audits/Formal_Verification_Report_staticAToken.pdf) @@ -183,6 +184,16 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours + - [avalanche:0x484ebac26a05e1feb7909243f293a4f79eef837a](https://snowtrace.io/address/0x484ebac26a05e1feb7909243f293a4f79eef837a/contract/43114/code) + - upgradeable component: `StaticATokenLM` ([avalanche:0x6A02C7a974F1F13A67980C80F774eC1d2eD8f98d](https://snowtrace.io/address/0x6A02C7a974F1F13A67980C80F774eC1d2eD8f98d/contract/43114/readProxyContract?chainid=43114)) + - admin address: [[avalanche:0x3C06dce358add17aAf230f2234bCCC4afd50d090](https://snowtrace.io/address/0x3C06dce358add17aAf230f2234bCCC4afd50d090/contract/43114/code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + -upgradeable component: `PoolInstanceWithCustomInitialize` ([avalanche:0x794a61358D6845594F94dc1DB02A252b5b4814aD](https://snowtrace.io/address/0x794a61358D6845594F94dc1DB02A252b5b4814aD/contract/43114/readProxyContract?chainid=43114)) + - admin address: [avalanche:0x3C06dce358add17aAf230f2234bCCC4afd50d090](https://snowtrace.io/address/0x3C06dce358add17aAf230f2234bCCC4afd50d090/contract/43114/code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours + ### Oracles From d7c10b1abd93870fc7d1bfd0a75b050e00625b69 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Fri, 11 Oct 2024 12:53:54 -0400 Subject: [PATCH 39/68] Update registry.json --- rate-providers/registry.json | 1 + 1 file changed, 1 insertion(+) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 15a1c3e..06135c0 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -550,6 +550,7 @@ "implementationReviewed": "0x1f69d4700B34A1D9F92E55235df414FcC02A8306" } ] + } }, "base": { "0xe1b1e024f4Bc01Bdde23e891E081b76a1A914ddd": { From 05fb9cc57ca79e18a2b69e1b9155edd8738a7dd6 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 15 Oct 2024 10:04:00 +0200 Subject: [PATCH 40/68] Hinkal Rate Provider Fixes #169 --- rate-providers/HinkalEthRateProvider.md | 50 +++++++++++++++++++++++++ rate-providers/registry.json | 14 +++++++ 2 files changed, 64 insertions(+) create mode 100644 rate-providers/HinkalEthRateProvider.md diff --git a/rate-providers/HinkalEthRateProvider.md b/rate-providers/HinkalEthRateProvider.md new file mode 100644 index 0000000..61d18d9 --- /dev/null +++ b/rate-providers/HinkalEthRateProvider.md @@ -0,0 +1,50 @@ +# Rate Provider: `hTokenOracleBalancerAdaptor` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum:0x388BeD0F17Ad5752EBC5b4034226D4c5D33bAA9e](https://etherscan.io/address/0x388BeD0F17Ad5752EBC5b4034226D4c5D33bAA9e#code) +- Audit report(s): + - [Hinkal audits](https://hinkal-team.gitbook.io/hinkal/hinkal/integrity-check-and-security) + +## Context +Hinkal accepts ETH/ERC-20 tokens as deposits, which can be later discreetly swapped, staked, yield-farmed, transferred, or withdrawn without reference to the original deposit address. Each user holds a shielded address where tokens are stored after depositing. The rate provider reviewed reports the rate of hinkalETH via a totalAssets / totalSupply approach of the involved ERC4626 Vault. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `hToken` ([ethereum:0x270B7748CdF8243bFe68FaCE7230ef0fCE695389](https://etherscan.io/address/0x270B7748CdF8243bFe68FaCE7230ef0fCE695389#code)) + - admin address: [ethereum:0x53a1EEB0c182144B27Ca0a2010939DA33ebc207d](https://etherscan.io/address/0x53a1EEB0c182144B27Ca0a2010939DA33ebc207d) + - admin type: EOA + - multisig threshold/signers: \ + - multisig timelock? \ + - trustworthy signers? \ \ + - comment: Marked as upgradeable as the address which get's sent Ether from the `hToken` can be changed, thus potentially adding a unknown callback function that get's called from the `hToken` contract during the `addReward` execution. +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE + +This rate provider should work well with Balancer pools. The rate will increase whenever `addReward` get's called leading to potentially spiking rates (as no reward smoothing is implemented). Depending on the amount of rewards added it could be worthwhile to try to frontrun this with a deposit -> addReward -> withdraw approach. However depositing into the ERC4626 Vault is permissioned. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 090b164..9cea80f 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1516,6 +1516,20 @@ "implementationReviewed": "0xcee23c4724d70ad9f327cc86947f690494c15d48" } ] + }, + "0x388BeD0F17Ad5752EBC5b4034226D4c5D33bAA9e": { + "asset": "0x270B7748CdF8243bFe68FaCE7230ef0fCE695389", + "name": "hTokenOracleBalancerAdaptor", + "summary": "safe", + "review": "./HinkalEthRateProvider.md", + "warnings": [""], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x270B7748CdF8243bFe68FaCE7230ef0fCE695389", + "implementationReviewed": "0x270B7748CdF8243bFe68FaCE7230ef0fCE695389" + } + ] } }, "fantom": { From 92002c9c671fad6ea3dac99758ee1b66b1b096b0 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 15 Oct 2024 16:34:42 +0200 Subject: [PATCH 41/68] ezEIGEN Rate Provider Fixes #168 --- rate-providers/ezEigenRateProvider.md | 65 +++++++++++++++++++++++++++ rate-providers/registry.json | 22 +++++++++ 2 files changed, 87 insertions(+) create mode 100644 rate-providers/ezEigenRateProvider.md diff --git a/rate-providers/ezEigenRateProvider.md b/rate-providers/ezEigenRateProvider.md new file mode 100644 index 0000000..b14263a --- /dev/null +++ b/rate-providers/ezEigenRateProvider.md @@ -0,0 +1,65 @@ +# Rate Provider: `EzRVault` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum:0xd4fcde9bb1d746Dd7e5463b01Dd819EE06aF25db](https://etherscan.io/token/0xd4fcde9bb1d746dd7e5463b01dd819ee06af25db#readProxyContract) +- Audit report(s): + - [Renzo audits](https://docs.renzoprotocol.com/docs/security/audits) + +## Context +$ezEIGEN is a reward-bearing token similar to Compound’s cTokens. $ezEIGEN holders earn $EIGEN rewards that will be auto-compounded and reflected in the price of $ezEIGEN. As a result, the value of $ezEIGEN increases over time relative to the underlying $EIGEN as it accumulates more rewards. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [x] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + - admin address: [ethereum:0xD1e6626310fD54Eceb5b9a51dA2eC329D6D4B68A](https://etherscan.io/address/0xD1e6626310fD54Eceb5b9a51dA2eC329D6D4B68A#code) + - admin type: multisig + - multisig threshold/signers: 3/5 + - multisig timelock? [timelock](https://etherscan.io/address/0x81F6e9914136Da1A1d3b1eFd14F7E0761c3d4cc7) YES: 3 days + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `EigenStrategy` ([ethereum:0xaCB55C530Acdb2849e6d4f36992Cd8c9D50ED8F7](https://etherscan.io/address/0xaCB55C530Acdb2849e6d4f36992Cd8c9D50ED8F7#readProxyContract)) + - admin address: [ethereum:0x369e6F597e22EaB55fFb173C6d9cD234BD699111](https://etherscan.io/address/0x369e6F597e22EaB55fFb173C6d9cD234BD699111) + - admin type: multisig + - multisig threshold/signers: 1/2 + - comment: This contract is part of the Eigenlayer system and not part of the Renzo protocol domain. + + - upgradeable component: `StrategyManager` ([ethereum:0x858646372CC42E1A627fcE94aa7A7033e7CF075A](https://etherscan.io/address/0x858646372CC42E1A627fcE94aa7A7033e7CF075A)) + - admin address: [ethereum:0x369e6F597e22EaB55fFb173C6d9cD234BD699111](https://etherscan.io/address/0x369e6F597e22EaB55fFb173C6d9cD234BD699111) + - admin type: multisig + - multisig threshold/signers: 1/2 + - comment: This contract is part of the Eigenlayer system and not part of the Renzo protocol domain. + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + - comment: The rate can be influenced via a token donation as part of th rate calculation requires the execution of the function + ```solidity + function _tokenBalance() internal view virtual returns (uint256) { + return underlyingToken.balanceOf(address(this)); + } + ``` + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE/UNSAFE** + +This rate provider should work well with Balancer pools. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 090b164..8a57120 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1516,6 +1516,28 @@ "implementationReviewed": "0xcee23c4724d70ad9f327cc86947f690494c15d48" } ] + }, + "0xd4fcde9bb1d746Dd7e5463b01Dd819EE06aF25db": { + "asset": "0xd4fcde9bb1d746Dd7e5463b01Dd819EE06aF25db", + "name": "EzRVault", + "summary": "", + "review": "./ezEigenRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xD1e6626310fD54Eceb5b9a51dA2eC329D6D4B68A", + "implementationReviewed": "0xd9Db270c1B5E3Bd161E8c8503c55cEABeE709552" + }, + { + "entrypoint": "0xaCB55C530Acdb2849e6d4f36992Cd8c9D50ED8F7", + "implementationReviewed": "0x27e7a3A81741B9fcc5Ad7edCBf9F8a72a5c00428" + }, + { + "entrypoint": "0x858646372CC42E1A627fcE94aa7A7033e7CF075A", + "implementationReviewed": "0x70f44C13944d49a236E3cD7a94f48f5daB6C619b" + } + ] } }, "fantom": { From c8775b321fb0687a53a6e18df89037b01f151458 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 16 Oct 2024 09:33:33 +0200 Subject: [PATCH 42/68] docs: format --- rate-providers/statATokenLMRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 15e78a9..61832a1 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md @@ -186,7 +186,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - [avalanche:0x484ebac26a05e1feb7909243f293a4f79eef837a](https://snowtrace.io/address/0x484ebac26a05e1feb7909243f293a4f79eef837a/contract/43114/code) - upgradeable component: `StaticATokenLM` ([avalanche:0x6A02C7a974F1F13A67980C80F774eC1d2eD8f98d](https://snowtrace.io/address/0x6A02C7a974F1F13A67980C80F774eC1d2eD8f98d/contract/43114/readProxyContract?chainid=43114)) - - admin address: [[avalanche:0x3C06dce358add17aAf230f2234bCCC4afd50d090](https://snowtrace.io/address/0x3C06dce358add17aAf230f2234bCCC4afd50d090/contract/43114/code) + - admin address: [avalanche:0x3C06dce358add17aAf230f2234bCCC4afd50d090](https://snowtrace.io/address/0x3C06dce358add17aAf230f2234bCCC4afd50d090/contract/43114/code) - admin type: Aave governance system. - multisig timelock? YES: 24 hours. -upgradeable component: `PoolInstanceWithCustomInitialize` ([avalanche:0x794a61358D6845594F94dc1DB02A252b5b4814aD](https://snowtrace.io/address/0x794a61358D6845594F94dc1DB02A252b5b4814aD/contract/43114/readProxyContract?chainid=43114)) From 95f37e7192c9040b9b4d459b50d6073549a51015 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 16 Oct 2024 11:07:38 +0200 Subject: [PATCH 43/68] review: update --- rate-providers/HinkalEthRateProvider.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/rate-providers/HinkalEthRateProvider.md b/rate-providers/HinkalEthRateProvider.md index 61d18d9..7c24eaf 100644 --- a/rate-providers/HinkalEthRateProvider.md +++ b/rate-providers/HinkalEthRateProvider.md @@ -29,10 +29,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - upgradeable component: `hToken` ([ethereum:0x270B7748CdF8243bFe68FaCE7230ef0fCE695389](https://etherscan.io/address/0x270B7748CdF8243bFe68FaCE7230ef0fCE695389#code)) - admin address: [ethereum:0x53a1EEB0c182144B27Ca0a2010939DA33ebc207d](https://etherscan.io/address/0x53a1EEB0c182144B27Ca0a2010939DA33ebc207d) - admin type: EOA - - multisig threshold/signers: \ - - multisig timelock? \ - - trustworthy signers? \ \ - - comment: Marked as upgradeable as the address which get's sent Ether from the `hToken` can be changed, thus potentially adding a unknown callback function that get's called from the `hToken` contract during the `addReward` execution. + - comment: Marked as upgradeable as the address which get's sent Ether from the `hToken` can be changed, thus potentially adding a unknown fallback function that get's called from the `hToken` contract during the `addReward` execution. ### Oracles - [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). From 226a7bd41903f0cec29432725e7df1c6dfa6a579 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 16 Oct 2024 11:14:19 +0200 Subject: [PATCH 44/68] ezEIGEN Rate Provider Fixes #168 --- rate-providers/ezEigenRateProvider.md | 4 ++-- rate-providers/registry.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rate-providers/ezEigenRateProvider.md b/rate-providers/ezEigenRateProvider.md index b14263a..031163a 100644 --- a/rate-providers/ezEigenRateProvider.md +++ b/rate-providers/ezEigenRateProvider.md @@ -60,6 +60,6 @@ If none of these is checked, then this might be a pretty great Rate Provider! If To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. ## Conclusion -**Summary judgment: SAFE/UNSAFE** +**Summary judgment: SAFE** -This rate provider should work well with Balancer pools. +This rate provider should work well with Balancer pools. The upgradeability of the contracts in Renzo protocol's domain are guarded behind a multisig and a Timelock. However the callchain of the rate provider has downstream dependencies on Eigenlayer contracts which are upgradeable by a 1/2 Multisig. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 8a57120..8a1363c 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1520,9 +1520,9 @@ "0xd4fcde9bb1d746Dd7e5463b01Dd819EE06aF25db": { "asset": "0xd4fcde9bb1d746Dd7e5463b01Dd819EE06aF25db", "name": "EzRVault", - "summary": "", + "summary": "safe", "review": "./ezEigenRateProvider.md", - "warnings": [], + "warnings": ["eoaUpgradeable"], "factory": "", "upgradeableComponents": [ { From e1d983ac525fa5eb92efcfa0213963a4d165cea9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 17 Oct 2024 17:23:34 +0800 Subject: [PATCH 45/68] add checked by --- rate-providers/ezEigenRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/ezEigenRateProvider.md b/rate-providers/ezEigenRateProvider.md index 031163a..00ddb3a 100644 --- a/rate-providers/ezEigenRateProvider.md +++ b/rate-providers/ezEigenRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum:0xd4fcde9bb1d746Dd7e5463b01Dd819EE06aF25db](https://etherscan.io/token/0xd4fcde9bb1d746dd7e5463b01dd819ee06af25db#readProxyContract) - Audit report(s): From b7dd32cb2b5def0db494c3eb2e7fba2536d67334 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 17 Oct 2024 17:59:28 +0800 Subject: [PATCH 46/68] add checked by --- rate-providers/HinkalEthRateProvider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rate-providers/HinkalEthRateProvider.md b/rate-providers/HinkalEthRateProvider.md index 7c24eaf..d08d2ea 100644 --- a/rate-providers/HinkalEthRateProvider.md +++ b/rate-providers/HinkalEthRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum:0x388BeD0F17Ad5752EBC5b4034226D4c5D33bAA9e](https://etherscan.io/address/0x388BeD0F17Ad5752EBC5b4034226D4c5D33bAA9e#code) - Audit report(s): @@ -42,6 +42,6 @@ If none of these is checked, then this might be a pretty great Rate Provider! If To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. ## Conclusion -**Summary judgment: SAFE +**Summary judgment: SAFE** This rate provider should work well with Balancer pools. The rate will increase whenever `addReward` get's called leading to potentially spiking rates (as no reward smoothing is implemented). Depending on the amount of rewards added it could be worthwhile to try to frontrun this with a deposit -> addReward -> withdraw approach. However depositing into the ERC4626 Vault is permissioned. From a1dbf877cb2d2285a821a087a2175127668f02b5 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 23 Oct 2024 11:43:51 +0200 Subject: [PATCH 47/68] Treehouse tETH Rate Provider Fixes #176 --- rate-providers/TreehouseRateProvider.md | 51 +++++++++++++++++++++++++ rate-providers/registry.json | 14 +++++++ 2 files changed, 65 insertions(+) create mode 100644 rate-providers/TreehouseRateProvider.md diff --git a/rate-providers/TreehouseRateProvider.md b/rate-providers/TreehouseRateProvider.md new file mode 100644 index 0000000..477896d --- /dev/null +++ b/rate-providers/TreehouseRateProvider.md @@ -0,0 +1,51 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum::0x7C53f86d9a6B01821F916802A7606E9255DfE4e2](https://etherscan.io/address/0x7C53f86d9a6B01821F916802A7606E9255DfE4e2) +- Audit report(s): + - [Treehouse audits](https://github.com/treehouse-gaia/audit-report) + +## Context +Treehouse is a decentralized application that introduces Treehouse Assets (tAssets) and Decentralized Offered Rates (DOR), new primitives that enable fixed income products in digital assets. Users who deposit ETH or liquid staking tokens (LST) into the protocol receive tETH and contribute to the convergence of fragmented on-chain ETH rates. The rate provider works based on reporting totalAssets / totalSupply. In contracts to usual ERC4626 Vaults, `totalAssets` are not based on the underlyings token balances but rather a "mirrored" accounting contract that has additional ways of having `totalAssets` of the Vault increased, the so called Accounting unit. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `TAsset` ([ethereum:0xD11c452fc99cF405034ee446803b6F6c1F6d5ED8](https://etherscan.io/address/0xD11c452fc99cF405034ee446803b6F6c1F6d5ED8#readProxyContract)) + - admin address: [ethereum:0x22261B4D6F629D8cF946C3524df86bF7222901F6](https://etherscan.io/address/0x22261B4D6F629D8cF946C3524df86bF7222901F6) + - admin type: multisig + - multisig threshold/signers: 5/7 + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: Since the pricing data is based on a "mirrored" underlying, the various addresses which can function as an oracle are stated here + - source address: + - [ethereum:0x22261B4D6F629D8cF946C3524df86bF7222901F6](https://etherscan.io/address/0x22261B4D6F629D8cF946C3524df86bF7222901F6). This 5/7 multisig has capabilities to mint underlying assets such that `totalAssets` can increase. + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. Upgradeability mechanisms are secured by a multisig. It is important to note that technically the `asset` of this ERC4626 Vault is not wsteth, but a internal accounting contract which can report different assets held compared to wsteth in the Vault. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 6179aaf..cc8803d 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1556,6 +1556,20 @@ "implementationReviewed": "0x70f44C13944d49a236E3cD7a94f48f5daB6C619b" } ] + }, + "0x7C53f86d9a6B01821F916802A7606E9255DfE4e2": { + "asset": "0x1B6238E95bBCABEE58997c99BaDD4154ad68BA92", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./TreehouseRateProvider.md", + "warnings": [""], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xD11c452fc99cF405034ee446803b6F6c1F6d5ED8", + "implementationReviewed": "0xD1A622566F277AA76c3C47A30469432AAec95E38" + } + ] } }, "fantom": { From 34280523adffbd5557bbbc530b3c0633a5d6311d Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Wed, 23 Oct 2024 07:49:30 -0400 Subject: [PATCH 48/68] Updating tETH asset 0xD11c452fc99cF405034ee446803b6F6c1F6d5ED8 is correct, previous is the internal accounting unit for tETH 0x1B6238E95bBCABEE58997c99BaDD4154ad68BA92 --- rate-providers/registry.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 22ab9ee..bca9fc8 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1572,7 +1572,7 @@ ] }, "0x7C53f86d9a6B01821F916802A7606E9255DfE4e2": { - "asset": "0x1B6238E95bBCABEE58997c99BaDD4154ad68BA92", + "asset": "0xD11c452fc99cF405034ee446803b6F6c1F6d5ED8", "name": "ERC4626RateProvider", "summary": "safe", "review": "./TreehouseRateProvider.md", From ddbab05a8b0d0d040a832f0d0e5e478c6c79923a Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Wed, 23 Oct 2024 07:59:16 -0400 Subject: [PATCH 49/68] Update summary Adds details to summary regarding difference between pool asset tETH and underlying internal accounting unit. --- rate-providers/TreehouseRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/TreehouseRateProvider.md b/rate-providers/TreehouseRateProvider.md index 477896d..f683c65 100644 --- a/rate-providers/TreehouseRateProvider.md +++ b/rate-providers/TreehouseRateProvider.md @@ -48,4 +48,4 @@ To save time, we do not bother pointing out low-severity/informational issues or ## Conclusion **Summary judgment: SAFE** -This rate provider should work well with Balancer pools. Upgradeability mechanisms are secured by a multisig. It is important to note that technically the `asset` of this ERC4626 Vault is not wsteth, but a internal accounting contract which can report different assets held compared to wsteth in the Vault. +This rate provider should work well with Balancer pools. Upgradeability mechanisms are secured by a multisig. It is important to note that technically the `asset` of this ERC4626 Vault is not wsteth, but a internal accounting contract which can report different assets held compared to wsteth in the Vault. Technically, the pool asset will be displayed as tETH [ethereum:0xD11c452fc99cF405034ee446803b6F6c1F6d5ED8](https://etherscan.io/address/0xD11c452fc99cF405034ee446803b6F6c1F6d5ED8#readProxyContract) in any respective pool, however it is notable that the actual asset is the underlying internal accounting unit [ethereum:0x1B6238E95bBCABEE58997c99BaDD4154ad68BA92](https://etherscan.io/address/0x1B6238E95bBCABEE58997c99BaDD4154ad68BA92). From 469fdc124664a394834cf7de2a8477cf752c03ce Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 23 Oct 2024 14:48:28 +0200 Subject: [PATCH 50/68] review: Kernel rate providers --- rate-providers/KernelRateProviders.md | 74 +++++++++++++++++++++++++++ rate-providers/registry.json | 35 ++++++++++++- 2 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 rate-providers/KernelRateProviders.md diff --git a/rate-providers/KernelRateProviders.md b/rate-providers/KernelRateProviders.md new file mode 100644 index 0000000..3b56dc6 --- /dev/null +++ b/rate-providers/KernelRateProviders.md @@ -0,0 +1,74 @@ +# Rate Provider: `krETHRateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [ethereum:0xEE246a8a09a055e60b4EF38DEF201e10bcf82644](https://etherscan.io/address/0xEE246a8a09a055e60b4EF38DEF201e10bcf82644#code) + - [ethereum:0x094C9b71ad7b6C09fe592F2aE10dFb1dc2B73623](https://etherscan.io/address/0x094C9b71ad7b6C09fe592F2aE10dFb1dc2B73623#readContract) +- Audit report(s): + - [Kernel Protocol review](https://drive.google.com/file/d/1MqenDKmDDb6OcsG-0YTlQAwlfFndSk7J/view) + +## Context +Kernel Protocol will be offering a suite of Karak Native LRTs that allow users to restake assets on Karak and receive LRT tokens that can be deployed in further yield-bearing DeFi activities. The rate providers in this review are essentially wrappers of downstream LST/LRT rate providers. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `krETH` ([ethereum:0xf02C96DbbB92DC0325AD52B3f9F2b951f972bf00](https://etherscan.io/address/0xf02C96DbbB92DC0325AD52B3f9F2b951f972bf00#code)) + - admin address: [ethereum:0xe0EB63B4E18FF1e646ab7E37510E6EaF287AdE3D](https://etherscan.io/address/0xe0EB63B4E18FF1e646ab7E37510E6EaF287AdE3D) + - admin type: multisig + - multisig threshold/signers: 3/6 + - comment: The owner can add new tokens which are part of the rate calculation. + + - upgradeable component: `ksETH` ([ethereum:0x513D27c94C0D81eeD9DC2a88b4531a69993187cF](https://etherscan.io/address/0x513D27c94C0D81eeD9DC2a88b4531a69993187cF)) + - admin address: [ethereum:0xe0EB63B4E18FF1e646ab7E37510E6EaF287AdE3D](https://etherscan.io/address/0xe0EB63B4E18FF1e646ab7E37510E6EaF287AdE3D) + - admin type: multisig + - multisig threshold/signers: 3/6 + - comment: The owner can add new tokens which are part of the rate calculation. + + - upgradeable component: Downstream components of krETH are upgradeable. Since they are many, their upgradeability mechanics & admins are listed here. The reader is expected to investigate them themselves due to the amount of dependencies involved. They are currently: + #### KrETH downstream dependencies + The below contracts are part of the krETH downstream dependencies + - Renzo Restakted ETH [ethereum:0xbf5495Efe5DB9ce00f80364C8B423567e58d2110](https://etherscan.io/address/0xbf5495Efe5DB9ce00f80364C8B423567e58d2110) + - mstETH [ethereum:0x49446A0874197839D15395B908328a74ccc96Bc0](https://etherscan.io/address/0x49446A0874197839D15395B908328a74ccc96Bc0) + - mswETH [ethereum:0x32bd822d615A3658A68b6fDD30c2fcb2C996D678](https://etherscan.io/address/0x32bd822d615A3658A68b6fDD30c2fcb2C996D678) + - pufETH [ethereum:0xD9A442856C234a39a81a089C06451EBAa4306a72](https://etherscan.io/address/0xD9A442856C234a39a81a089C06451EBAa4306a72) + - rsETH [ethereum:0xA1290d69c65A6Fe4DF752f95823fae25cB99e5A7](https://etherscan.io/address/0xA1290d69c65A6Fe4DF752f95823fae25cB99e5A7) + - weeth [ethereum:0xCd5fE23C85820F7B72D0926FC9b05b43E359b7ee](https://etherscan.io/address/0xCd5fE23C85820F7B72D0926FC9b05b43E359b7ee) + Further information for some of the involved dependencies can be found within this repository. + ### kstETH downstream dependencies + The below contracts are part of the ksETH downstream dependencies + - Pirex Ether [ethereum:0x9Ba021B0a9b958B5E75cE9f6dff97C7eE52cb3E6](https://etherscan.io/address/0x9Ba021B0a9b958B5E75cE9f6dff97C7eE52cb3E6) + - Coinbase Ether [ethereum:0xBe9895146f7AF43049ca1c1AE358B0541Ea49704](https://etherscan.io/address/0xBe9895146f7AF43049ca1c1AE358B0541Ea49704) + - rETH [ethereum:0xae78736Cd615f374D3085123A210448E74Fc6393](https://etherscan.io/address/0xae78736Cd615f374D3085123A210448E74Fc6393) + - Swell Ether [ethereum:0xf951E335afb289353dc249e82926178EaC7DEd78](https://etherscan.io/address/0xf951E335afb289353dc249e82926178EaC7DEd78) + - wstETH [ethereum:0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0](https://etherscan.io/address/0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0) + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. The downstream dependencies are industrywide established tokens and the admin functionality of the ksETH and krETH are guarded behind a multisig. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index d10f068..970430b 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1570,6 +1570,34 @@ "implementationReviewed": "0x270B7748CdF8243bFe68FaCE7230ef0fCE695389" } ] + }, + "0xEE246a8a09a055e60b4EF38DEF201e10bcf82644": { + "asset": "0xf02C96DbbB92DC0325AD52B3f9F2b951f972bf00", + "name": "krETHRateProvider", + "summary": "safe", + "review": "./KernelRateProviders.md", + "warnings": [""], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xf02C96DbbB92DC0325AD52B3f9F2b951f972bf00", + "implementationReviewed": "0xf02C96DbbB92DC0325AD52B3f9F2b951f972bf00" + } + ] + }, + "0x094C9b71ad7b6C09fe592F2aE10dFb1dc2B73623": { + "asset": "0x513D27c94C0D81eeD9DC2a88b4531a69993187cF", + "name": "ksETHRateProvider", + "summary": "safe", + "review": "./KernelRateProviders.md", + "warnings": [""], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x513D27c94C0D81eeD9DC2a88b4531a69993187cF", + "implementationReviewed": "0x513D27c94C0D81eeD9DC2a88b4531a69993187cF" + } + ] } }, "fantom": { @@ -1580,7 +1608,12 @@ "review": "./LegacyReview.md", "warnings": ["legacy"], "factory": "", - "upgradeableComponents": [] + "upgradeableComponents": [ + { + "entrypoint": "0x513D27c94C0D81eeD9DC2a88b4531a69993187cF", + "implementationReviewed": "0x513D27c94C0D81eeD9DC2a88b4531a69993187cF" + } + ] } }, "fraxtal": { From 93944326211e647370aac5ca69b7cb8ef3a23b01 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 24 Oct 2024 20:39:50 +0800 Subject: [PATCH 51/68] add checked by --- rate-providers/KernelRateProviders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/KernelRateProviders.md b/rate-providers/KernelRateProviders.md index 3b56dc6..f7ecd1f 100644 --- a/rate-providers/KernelRateProviders.md +++ b/rate-providers/KernelRateProviders.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum:0xEE246a8a09a055e60b4EF38DEF201e10bcf82644](https://etherscan.io/address/0xEE246a8a09a055e60b4EF38DEF201e10bcf82644#code) - [ethereum:0x094C9b71ad7b6C09fe592F2aE10dFb1dc2B73623](https://etherscan.io/address/0x094C9b71ad7b6C09fe592F2aE10dFb1dc2B73623#readContract) From 02cb9654963fe2f1e3367ed3208b468e5f84a448 Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 24 Oct 2024 20:41:00 +0800 Subject: [PATCH 52/68] add checked by --- rate-providers/TreehouseRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/TreehouseRateProvider.md b/rate-providers/TreehouseRateProvider.md index f683c65..8643176 100644 --- a/rate-providers/TreehouseRateProvider.md +++ b/rate-providers/TreehouseRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum::0x7C53f86d9a6B01821F916802A7606E9255DfE4e2](https://etherscan.io/address/0x7C53f86d9a6B01821F916802A7606E9255DfE4e2) - Audit report(s): From 4551e31c02fbe6da06b5166288c15c67e02c7e65 Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 25 Oct 2024 20:53:12 +0800 Subject: [PATCH 53/68] Add checked by --- rate-providers/WeETHs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/WeETHs.md b/rate-providers/WeETHs.md index 3786393..387981b 100644 --- a/rate-providers/WeETHs.md +++ b/rate-providers/WeETHs.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [ethereum:0x64c04442c4bc85c49782525abe92c8a6fb714b50](https://etherscan.io/address/0x64c04442c4bc85c49782525abe92c8a6fb714b50#code) - Adaptor to: From d08b82a18adab17fe6b383a555ffa40f8bb1ef2f Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 30 Oct 2024 17:08:27 +0100 Subject: [PATCH 54/68] Pyth wUSDM Rate Provider - Mode Fixes #179 --- rate-providers/registry.json | 13 ++++++ rate-providers/wUSDMRateProviderPyth.md | 60 +++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 rate-providers/wUSDMRateProviderPyth.md diff --git a/rate-providers/registry.json b/rate-providers/registry.json index e815711..6434f1e 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1848,6 +1848,19 @@ "entrypoint": "0xA61BeB4A3d02decb01039e378237032B351125B4", "implementationReviewed": "0x5adDc89785D75C86aB939E9e15bfBBb7Fc086A87" }] + }, + "0xFE1862BdCAf17ADf2D83eEb0Da98dAE04492F4f7": { + "asset": "0x90993Ac1734b023dEEc548b87B11F5d2dcD3818E", + "name": "ChainlinkRateProvider", + "summary": "safe", + "review": "./wUSDMRateProviderPyth.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xA2aa501b19aff244D90cc15a4Cf739D2725B5729", + "implementationReviewed": "0xEbe57e8045F2F230872523bbff7374986E45C486" + }] } }, "optimism": { diff --git a/rate-providers/wUSDMRateProviderPyth.md b/rate-providers/wUSDMRateProviderPyth.md new file mode 100644 index 0000000..edb5fba --- /dev/null +++ b/rate-providers/wUSDMRateProviderPyth.md @@ -0,0 +1,60 @@ +# Rate Provider: `ChainlinkRateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [mode:0xFE1862BdCAf17ADf2D83eEb0Da98dAE04492F4f7](https://modescan.io/address/0xFE1862BdCAf17ADf2D83eEb0Da98dAE04492F4f7/contract/34443/readContract) +- Audit report(s): + - [Pyth security](https://docs.pyth.network/home/security) + +## Context +The wUSDM contract is an ERC-4626 (following the tokenized vault standard, leveraging the OpenZeppelin implementation), enabling users to deposit USDM in exchange for wUSDM tokens. The USDM tokens are rebasing, whereas the wUSDM tokens are non-rebasing, making wUSDM easier to integrate in DeFi protocols. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `PythUpgradable` ([mode:0xA2aa501b19aff244D90cc15a4Cf739D2725B5729](https://modescan.io/address/0xA2aa501b19aff244D90cc15a4Cf739D2725B5729/contract/34443/readProxyContract)) + - admin address: [mode:0x0000000000000000000000000000000000000000](https://modescan.io/address/0x0000000000000000000000000000000000000000) + - admin type: Burned + - comment: The upgradeability admin is set to the zero address. See for this also the code comments + ```solidity + // Only allow the owner to upgrade the proxy to a new implementation. + // The contract has no owner so this function will always revert + // but UUPSUpgradeable expects this method to be implemented. + function _authorizeUpgrade(address) internal override onlyOwner {} + ``` + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: Pyth network signed data + - source address: Any address that has access to signed price data, which can be fetched from the pyth network api. + - any protections? YES: price data must be signed by the python network. More information can be found in the pyth [api docs](https://api-reference.pyth.network/price-feeds/evm/updatePriceFeeds) + > This method updates the on-chain price feeds using the provided updateData, which contains serialized and signed price update data from Pyth Network. You can retrieve the latest price updateData for a given set of price feeds from the Hermes API. + + A sample transaction where signed price data was fetched can be found [here](https://modescan.io/tx/0x88af7668d46c6c1769adc40d89571cc31b080bcd08610f463df1babf83e7a0d8) where price data was fetched from the hermes api [here](https://hermes.pyth.network/docs/#/rest/latest_price_updates). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. It is important to note that this pricefeed does not have a staleness check and the underlying pyth price data can return a price from arbitrarily in the past. Additional upgradeability powers are considered burned. From dd3baae6c080fe0c3a7cfceb548563ca52f331db Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Thu, 31 Oct 2024 09:54:59 +0100 Subject: [PATCH 55/68] stataAvaUSDC ERC4626RateProvider on Avalanche Fixes #180 --- rate-providers/registry.json | 18 ++++++++++++++++++ rate-providers/statATokenLMRateProvider.md | 11 +++++++++++ 2 files changed, 29 insertions(+) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 6d06fd8..4533822 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -550,6 +550,24 @@ "implementationReviewed": "0x1f69d4700B34A1D9F92E55235df414FcC02A8306" } ] + }, + "0x7E98951ae90fd1Fd7aF3cfe0ACA2A8a8D0FC5767": { + "asset": "0xC509aB7bB4eDbF193b82264D499a7Fc526Cd01F4", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [], + "factory": "0xfCe81cafe4b3F7e2263EFc2d907f488EBF2B238E", + "upgradeableComponents": [ + { + "entrypoint": "0xC509aB7bB4eDbF193b82264D499a7Fc526Cd01F4", + "implementationReviewed": "0xB67347196F551d1f85B7a07e64e0E47E6c9c254a" + }, + { + "entrypoint": "0x794a61358D6845594F94dc1DB02A252b5b4814aD", + "implementationReviewed": "0x5DFb8c777C19d3cEdcDc7398d2EeF1FB0b9b05c9" + } + ] } }, "base": { diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 61832a1..bb97e08 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md @@ -19,6 +19,7 @@ - [gnosis:0x821aFE819450A359E29a5209C48f2Fa3321C8AD2](https://gnosisscan.io/address/0x821aFE819450A359E29a5209C48f2Fa3321C8AD2#readContract) - [gnosis:0x5F62fd24941B585b91EB059E0ea1a7e729357511](https://gnosisscan.io/address/0x5F62fd24941B585b91EB059E0ea1a7e729357511#code) - [avalanche:0x484ebac26a05e1feb7909243f293a4f79eef837a](https://snowtrace.io/address/0x484ebac26a05e1feb7909243f293a4f79eef837a/contract/43114/code) + - [avalanche:0x7E98951ae90fd1Fd7aF3cfe0ACA2A8a8D0FC5767](https://snowtrace.io/address/0x7E98951ae90fd1Fd7aF3cfe0ACA2A8a8D0FC5767/contract/43114/readContract?chainid=43114) - Audit report(s): - [Formal Verification Report For StaticAToken](https://github.com/bgd-labs/static-a-token-v3/blob/main/audits/Formal_Verification_Report_staticAToken.pdf) @@ -194,6 +195,16 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours + - [avalanche:0x484ebac26a05e1feb7909243f293a4f79eef837a](https://snowtrace.io/address/0x484ebac26a05e1feb7909243f293a4f79eef837a/contract/43114/code) + - upgradeable component: `StaticATokenLM` ([avalanche:0xC509aB7bB4eDbF193b82264D499a7Fc526Cd01F4](https://snowtrace.io/address/0xC509aB7bB4eDbF193b82264D499a7Fc526Cd01F4/contract/43114/readProxyContract?chainid=43114)) + - admin address: [avalanche:0x3C06dce358add17aAf230f2234bCCC4afd50d090](https://snowtrace.io/address/0x3C06dce358add17aAf230f2234bCCC4afd50d090/contract/43114/code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + -upgradeable component: `PoolInstance` ([avalanche:0x794a61358D6845594F94dc1DB02A252b5b4814aD](https://snowtrace.io/address/0x794a61358D6845594F94dc1DB02A252b5b4814aD)) + - admin address: [avalanche:0x3C06dce358add17aAf230f2234bCCC4afd50d090](https://snowtrace.io/address/0x3C06dce358add17aAf230f2234bCCC4afd50d090/contract/43114/code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours + ### Oracles From f80800769e6f140daaed39410f58dfde5c562f4b Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 31 Oct 2024 18:47:16 +0800 Subject: [PATCH 56/68] add checked by --- rate-providers/wUSDMRateProviderPyth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/wUSDMRateProviderPyth.md b/rate-providers/wUSDMRateProviderPyth.md index edb5fba..299b879 100644 --- a/rate-providers/wUSDMRateProviderPyth.md +++ b/rate-providers/wUSDMRateProviderPyth.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [mode:0xFE1862BdCAf17ADf2D83eEb0Da98dAE04492F4f7](https://modescan.io/address/0xFE1862BdCAf17ADf2D83eEb0Da98dAE04492F4f7/contract/34443/readContract) - Audit report(s): From 0d5a30b35cba5bf551c5a7fab5247a581b40c914 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Thu, 31 Oct 2024 12:06:13 -0400 Subject: [PATCH 57/68] USDCConstantRateProvider Adds necessary rate providers to repo for Gyroscope proposal: https://forum.balancer.fi/t/bip-731-enable-several-e-clp-gauges-base/6148 This includes 3 constant rate providers which the format has been reviewed before for GYD, in this case for USDC. Also adding the chainlink rate provider deployed for wstETH on Base. --- rate-providers/USDCConstantRateProvider.md | 48 ++++++++++++++++++++++ rate-providers/registry.json | 27 ++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 rate-providers/USDCConstantRateProvider.md diff --git a/rate-providers/USDCConstantRateProvider.md b/rate-providers/USDCConstantRateProvider.md new file mode 100644 index 0000000..c179dc0 --- /dev/null +++ b/rate-providers/USDCConstantRateProvider.md @@ -0,0 +1,48 @@ +# Rate Provider: `ConstantRateProvider` + +## Details +- Reviewed by: @Zen-Maxi +- Checked by: @mkflow27 +- Deployed at: + - [base:0x5E10C2a55fB6E4C14c50C7f6B82bb28A813a4748](https://basescan.org/address/0x5E10C2a55fB6E4C14c50C7f6B82bb28A813a4748) + - [base:0x3e89cc86307aF44A77EB29d0c4163d515D348313](https://basescan.org/address/0x3e89cc86307aF44A77EB29d0c4163d515D348313) + - [base:0x3fA516CEB5d068b60FDC0c68a3B793Fc43B88f15](https://basescan.org/address/0x3fA516CEB5d068b60FDC0c68a3B793Fc43B88f15) +- Audit report(s): + - [Gyro audits](https://docs.gyro.finance/gyroscope-protocol/audit-reports) + +## Context +This rate provider reports a constant rate which upscales the gyd price to a specific area of the ellipsis pricing function. +> reason for the constant rate provider is to scale the prices that the pool does its math at to the part of the ellipse that is near 1:1 (as opposed to 2500:1 for ETH pricing). Reason there is because this region is better tested (although in principle, the rounding analysis should apply to a much wider range of parameters and pool prices -- but feels slightly safer to use the scaling) + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +The required `getRate` value for this particular case scales the balances to the required pricing point on the gyro pricing curve. For more information see also the [gauge proposal](https://forum.balancer.fi/t/bip-731-enable-several-e-clp-gauges-base/6148). Note: This rateProvider should not be used for other pools to provide rate data for USDC or similar stablecoins. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 224e696..baf6e7a 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -650,6 +650,33 @@ "warnings": ["legacy"], "factory": "", "upgradeableComponents": [] + }, + "0x5E10C2a55fB6E4C14c50C7f6B82bb28A813a4748": { + "asset": "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913", + "name": "ConstantRateProvider", + "summary": "safe", + "review": "./USDCConstantRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] + }, + "0x3e89cc86307aF44A77EB29d0c4163d515D348313": { + "asset": "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913", + "name": "ConstantRateProvider", + "summary": "safe", + "review": "./USDCConstantRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] + }, + "0x3fA516CEB5d068b60FDC0c68a3B793Fc43B88f15": { + "asset": "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913", + "name": "ConstantRateProvider", + "summary": "safe", + "review": "./USDCConstantRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "ethereum": { From 9e95eeab3accb1bcda0601834ada18446729e309 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Thu, 31 Oct 2024 15:48:23 -0400 Subject: [PATCH 58/68] Update registry.json --- rate-providers/registry.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index baf6e7a..60fd5a9 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -677,6 +677,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x3b3dd5f913443bb5E70389F29c83F7DCA460CAe1": { + "asset": "0xc1cba3fcea344f92d9239c08c0568f6f2f0ee452", + "name": "wstETH Rate Provider", + "summary": "safe", + "review": "./ChainLinkRateProvider.md", + "warnings": ["chainlink"], + "factory": "0x0A973B6DB16C2ded41dC91691Cc347BEb0e2442B", + "upgradeableComponents": [] } }, "ethereum": { From cddd7d2c71722fd55bc6515710460fb9498e42f7 Mon Sep 17 00:00:00 2001 From: Zen-Maxi <85650601+Zen-Maxi@users.noreply.github.com> Date: Fri, 1 Nov 2024 10:48:58 -0400 Subject: [PATCH 59/68] Update USDCConstantRateProvider.md Co-authored-by: mkflow27 --- rate-providers/USDCConstantRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/USDCConstantRateProvider.md b/rate-providers/USDCConstantRateProvider.md index c179dc0..5287dcd 100644 --- a/rate-providers/USDCConstantRateProvider.md +++ b/rate-providers/USDCConstantRateProvider.md @@ -11,7 +11,7 @@ - [Gyro audits](https://docs.gyro.finance/gyroscope-protocol/audit-reports) ## Context -This rate provider reports a constant rate which upscales the gyd price to a specific area of the ellipsis pricing function. +This rate provider reports a constant rate which upscales the usdc price to a specific area of the ellipsis pricing function. > reason for the constant rate provider is to scale the prices that the pool does its math at to the part of the ellipse that is near 1:1 (as opposed to 2500:1 for ETH pricing). Reason there is because this region is better tested (although in principle, the rounding analysis should apply to a much wider range of parameters and pool prices -- but feels slightly safer to use the scaling) ## Review Checklist: Bare Minimum Compatibility From 5a6adc389e0744ad6b855d4c9689ed1a7e5684a0 Mon Sep 17 00:00:00 2001 From: franz Date: Mon, 4 Nov 2024 17:02:34 +0100 Subject: [PATCH 60/68] add boosted and hook review files --- boosted_pools/AaveV3Boosted.md | 31 +++++++++++++++++++++++++++++++ boosted_pools/registry.json | 28 ++++++++++++++++++++++++++++ hooks/DirectionalFeeHook.md | 26 ++++++++++++++++++++++++++ hooks/ExitFeeHook.md | 26 ++++++++++++++++++++++++++ hooks/FeeTakingHook.md | 26 ++++++++++++++++++++++++++ hooks/LotteryHook.md | 26 ++++++++++++++++++++++++++ hooks/registry.json | 32 ++++++++++++++++++++++++++++++++ 7 files changed, 195 insertions(+) create mode 100644 boosted_pools/AaveV3Boosted.md create mode 100644 boosted_pools/registry.json create mode 100644 hooks/DirectionalFeeHook.md create mode 100644 hooks/ExitFeeHook.md create mode 100644 hooks/FeeTakingHook.md create mode 100644 hooks/LotteryHook.md create mode 100644 hooks/registry.json diff --git a/boosted_pools/AaveV3Boosted.md b/boosted_pools/AaveV3Boosted.md new file mode 100644 index 0000000..890c0c9 --- /dev/null +++ b/boosted_pools/AaveV3Boosted.md @@ -0,0 +1,31 @@ +# ERC4626: `Aave V3` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - DAI: + - [sepolia:0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17](https://sepolia.etherscan.io/address/0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17) + - USDC: + - [sepolia:0x8A88124522dbBF1E56352ba3DE1d9F78C143751e](https://sepolia.etherscan.io/address/0x8A88124522dbBF1E56352ba3DE1d9F78C143751e) + - USDT: + - [sepolia:0x978206fAe13faF5a8d293FB614326B237684B750](https://sepolia.etherscan.io/address/0x978206fAe13faF5a8d293FB614326B237684B750) +- Audit report(s): + - + +## Context + +## Review Checklist: Bare Minimum Compatibility + +## Review Checklist: Common Findings + +### Administrative Privileges + +### Oracles + +### Common Manipulation Vectors + +## Additional Findings + +## Conclusion +**Summary judgment: SAFE** \ No newline at end of file diff --git a/boosted_pools/registry.json b/boosted_pools/registry.json new file mode 100644 index 0000000..8ad2d05 --- /dev/null +++ b/boosted_pools/registry.json @@ -0,0 +1,28 @@ +{ + "sepolia":{ + "0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17":{ + "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", + "name": "Static Aave Ethereum DAI", + "icon": "https://url.to/theBoostedByLogo.png", + "summary": "safe", + "review": "./AaveV3Boosted.md", + "warnings": [] + }, + "0x94a9d9ac8a22534e3faca9f4e7f2e2cf85d5e4c8":{ + "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", + "name": "Static Aave Ethereum USDT", + "icon": "https://url.to/theBoostedByLogo.png", + "summary": "safe", + "review": "./AaveV3Boosted.md", + "warnings": [] + }, + "0x978206fAe13faF5a8d293FB614326B237684B750":{ + "underlying":"0xaa8e23fb1079ea71e0a56f48a2aa51851d8433d0", + "name": "Static Aave Ethereum USDC", + "icon": "https://url.to/theBoostedByLogo.png", + "summary": "safe", + "review": "./AaveV3Boosted.md", + "warnings": [] + } + } +} \ No newline at end of file diff --git a/hooks/DirectionalFeeHook.md b/hooks/DirectionalFeeHook.md new file mode 100644 index 0000000..292b4cd --- /dev/null +++ b/hooks/DirectionalFeeHook.md @@ -0,0 +1,26 @@ +# Hook: `Directional Fee` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [sepolia:0xcdF93FaB48405bb9df9c321b6306e701be6F9859](https://sepolia.etherscan.io/address/0xcdF93FaB48405bb9df9c321b6306e701be6F9859) +- Audit report(s): + - + +## Context + +## Review Checklist: Bare Minimum Compatibility + +## Review Checklist: Common Findings + +### Administrative Privileges + +### Oracles + +### Common Manipulation Vectors + +## Additional Findings + +## Conclusion +**Summary judgment: SAFE** \ No newline at end of file diff --git a/hooks/ExitFeeHook.md b/hooks/ExitFeeHook.md new file mode 100644 index 0000000..7212849 --- /dev/null +++ b/hooks/ExitFeeHook.md @@ -0,0 +1,26 @@ +# Hook: `Exit Fee` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [sepolia:0x307d96183f133c738Af11D1971BF0A5ee15312be](https://sepolia.etherscan.io/address/0x307d96183f133c738Af11D1971BF0A5ee15312be) +- Audit report(s): + - + +## Context + +## Review Checklist: Bare Minimum Compatibility + +## Review Checklist: Common Findings + +### Administrative Privileges + +### Oracles + +### Common Manipulation Vectors + +## Additional Findings + +## Conclusion +**Summary judgment: SAFE** \ No newline at end of file diff --git a/hooks/FeeTakingHook.md b/hooks/FeeTakingHook.md new file mode 100644 index 0000000..88d2f2a --- /dev/null +++ b/hooks/FeeTakingHook.md @@ -0,0 +1,26 @@ +# Hook: `Fee Taking` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [sepolia:0x5c7FB0734d327ECeE2cA5cF2F5fE0f5Ff32dbf0b](https://sepolia.etherscan.io/address/0x5c7FB0734d327ECeE2cA5cF2F5fE0f5Ff32dbf0b) +- Audit report(s): + - + +## Context + +## Review Checklist: Bare Minimum Compatibility + +## Review Checklist: Common Findings + +### Administrative Privileges + +### Oracles + +### Common Manipulation Vectors + +## Additional Findings + +## Conclusion +**Summary judgment: SAFE** \ No newline at end of file diff --git a/hooks/LotteryHook.md b/hooks/LotteryHook.md new file mode 100644 index 0000000..072082f --- /dev/null +++ b/hooks/LotteryHook.md @@ -0,0 +1,26 @@ +# Hook: `Lottery` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [sepolia:0xb4b339a93B7E3D9B8266d52C96608F0615326B98](https://sepolia.etherscan.io/address/0xb4b339a93B7E3D9B8266d52C96608F0615326B98) +- Audit report(s): + - + +## Context + +## Review Checklist: Bare Minimum Compatibility + +## Review Checklist: Common Findings + +### Administrative Privileges + +### Oracles + +### Common Manipulation Vectors + +## Additional Findings + +## Conclusion +**Summary judgment: SAFE** \ No newline at end of file diff --git a/hooks/registry.json b/hooks/registry.json new file mode 100644 index 0000000..b0f8c02 --- /dev/null +++ b/hooks/registry.json @@ -0,0 +1,32 @@ +{ + "sepolia":{ + "0x5c7FB0734d327ECeE2cA5cF2F5fE0f5Ff32dbf0b":{ + "name": "FeeTakingHookExample", + "description": "This is a description of the hook.", + "summary": "safe", + "review": "./FeeTakingHook.md", + "warnings": [] + }, + "0x307d96183f133c738Af11D1971BF0A5ee15312be":{ + "name": "ExitFeeHookExample", + "description": "This is a description of the hook.", + "summary": "safe", + "review": "./ExitFeeHook.md", + "warnings": [] + }, + "0xcdF93FaB48405bb9df9c321b6306e701be6F9859":{ + "name": "DirectionalFeeHookExample", + "description": "This is a description of the hook.", + "summary": "safe", + "review": "./DirectionalFeeHook.md", + "warnings": [] + }, + "0xb4b339a93B7E3D9B8266d52C96608F0615326B98":{ + "name": "LotteryHookExample", + "description": "This is a description of the hook.", + "summary": "safe", + "review": "./LotteryHook.md", + "warnings": [] + } + } +} \ No newline at end of file From b0857a9e94c843fc2dcdb208f07333d21aa15ec8 Mon Sep 17 00:00:00 2001 From: franz Date: Mon, 4 Nov 2024 17:04:51 +0100 Subject: [PATCH 61/68] add boosted source --- boosted_pools/registry.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/boosted_pools/registry.json b/boosted_pools/registry.json index 8ad2d05..ca318f8 100644 --- a/boosted_pools/registry.json +++ b/boosted_pools/registry.json @@ -3,6 +3,7 @@ "0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17":{ "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", "name": "Static Aave Ethereum DAI", + "source": "aave", "icon": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3Boosted.md", @@ -11,6 +12,7 @@ "0x94a9d9ac8a22534e3faca9f4e7f2e2cf85d5e4c8":{ "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", "name": "Static Aave Ethereum USDT", + "source": "aave", "icon": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3Boosted.md", @@ -19,6 +21,7 @@ "0x978206fAe13faF5a8d293FB614326B237684B750":{ "underlying":"0xaa8e23fb1079ea71e0a56f48a2aa51851d8433d0", "name": "Static Aave Ethereum USDC", + "source": "aave", "icon": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3Boosted.md", From d2c3a6783d89959a507d3dcef689eb63c1c5a98c Mon Sep 17 00:00:00 2001 From: franz Date: Tue, 5 Nov 2024 09:22:19 +0100 Subject: [PATCH 62/68] change to erc4626 --- boosted_pools/AaveV3Boosted.md => erc4626/AaveV3.md | 0 {boosted_pools => erc4626}/registry.json | 6 +++--- 2 files changed, 3 insertions(+), 3 deletions(-) rename boosted_pools/AaveV3Boosted.md => erc4626/AaveV3.md (100%) rename {boosted_pools => erc4626}/registry.json (88%) diff --git a/boosted_pools/AaveV3Boosted.md b/erc4626/AaveV3.md similarity index 100% rename from boosted_pools/AaveV3Boosted.md rename to erc4626/AaveV3.md diff --git a/boosted_pools/registry.json b/erc4626/registry.json similarity index 88% rename from boosted_pools/registry.json rename to erc4626/registry.json index ca318f8..9a64a1d 100644 --- a/boosted_pools/registry.json +++ b/erc4626/registry.json @@ -6,7 +6,7 @@ "source": "aave", "icon": "https://url.to/theBoostedByLogo.png", "summary": "safe", - "review": "./AaveV3Boosted.md", + "review": "./AaveV3.md", "warnings": [] }, "0x94a9d9ac8a22534e3faca9f4e7f2e2cf85d5e4c8":{ @@ -15,7 +15,7 @@ "source": "aave", "icon": "https://url.to/theBoostedByLogo.png", "summary": "safe", - "review": "./AaveV3Boosted.md", + "review": "./AaveV3.md", "warnings": [] }, "0x978206fAe13faF5a8d293FB614326B237684B750":{ @@ -24,7 +24,7 @@ "source": "aave", "icon": "https://url.to/theBoostedByLogo.png", "summary": "safe", - "review": "./AaveV3Boosted.md", + "review": "./AaveV3.md", "warnings": [] } } From 78d11cee3f2321effde017f4864635427d8a25bd Mon Sep 17 00:00:00 2001 From: franz Date: Tue, 5 Nov 2024 09:23:29 +0100 Subject: [PATCH 63/68] iconUrl --- erc4626/registry.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/erc4626/registry.json b/erc4626/registry.json index 9a64a1d..b547906 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -4,7 +4,7 @@ "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", "name": "Static Aave Ethereum DAI", "source": "aave", - "icon": "https://url.to/theBoostedByLogo.png", + "iconUrl": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3.md", "warnings": [] @@ -13,7 +13,7 @@ "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", "name": "Static Aave Ethereum USDT", "source": "aave", - "icon": "https://url.to/theBoostedByLogo.png", + "iconUrl": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3.md", "warnings": [] @@ -22,7 +22,7 @@ "underlying":"0xaa8e23fb1079ea71e0a56f48a2aa51851d8433d0", "name": "Static Aave Ethereum USDC", "source": "aave", - "icon": "https://url.to/theBoostedByLogo.png", + "iconUrl": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3.md", "warnings": [] From 9077741284530f6f542e735507f5c1362c860eff Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 5 Nov 2024 10:01:20 +0100 Subject: [PATCH 64/68] STONE Mode Rate Provider Fixes #186 --- rate-providers/PythAggregatorRateProvider.md | 60 ++++++++++++++++++++ rate-providers/registry.json | 13 +++++ 2 files changed, 73 insertions(+) create mode 100644 rate-providers/PythAggregatorRateProvider.md diff --git a/rate-providers/PythAggregatorRateProvider.md b/rate-providers/PythAggregatorRateProvider.md new file mode 100644 index 0000000..d1c7a1b --- /dev/null +++ b/rate-providers/PythAggregatorRateProvider.md @@ -0,0 +1,60 @@ +# Rate Provider: `ChainlinkRateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @\ +- Deployed at: + - [mode:0xFAD2f1b6B24d475BAA79DfA625073981bCD82A0e](https://modescan.io/address/0xFAD2f1b6B24d475BAA79DfA625073981bCD82A0e/contract/34443/code ) +- Audit report(s): + - [Pyth security](https://docs.pyth.network/home/security) + +## Context +Pyth Network price feeds provide real-time financial market data to smart contract applications on 50+ blockchains. Pyth's market data is contributed by over 95 reputable first-party data providers, including some of the biggest exchanges and market making firms in the world. Each price feed publishes a robust aggregate of these prices multiple times per second. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `PythUpgradable` ([mode:0xA2aa501b19aff244D90cc15a4Cf739D2725B5729](https://modescan.io/address/0xA2aa501b19aff244D90cc15a4Cf739D2725B5729/contract/34443/readProxyContract)) + - admin address: [mode:0x0000000000000000000000000000000000000000](https://modescan.io/address/0x0000000000000000000000000000000000000000) + - admin type: Burned + - comment: The upgradeability admin is set to the zero address. See for this also the code comments + ```solidity + // Only allow the owner to upgrade the proxy to a new implementation. + // The contract has no owner so this function will always revert + // but UUPSUpgradeable expects this method to be implemented. + function _authorizeUpgrade(address) internal override onlyOwner {} + ``` + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: Pyth network signed data + - source address: Any address that has access to signed price data, which can be fetched from the pyth network api. + - any protections? YES: price data must be signed by the python network. More information can be found in the pyth [api docs](https://api-reference.pyth.network/price-feeds/evm/updatePriceFeeds) + > This method updates the on-chain price feeds using the provided updateData, which contains serialized and signed price update data from Pyth Network. You can retrieve the latest price updateData for a given set of price feeds from the Hermes API. + + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. It is important to note that this pricefeed does not have a staleness check and the underlying pyth price data can return a price from arbitrarily in the past. Additional upgradeability powers are considered burned. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 60fd5a9..f590a70 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -1924,6 +1924,19 @@ "entrypoint": "0xA2aa501b19aff244D90cc15a4Cf739D2725B5729", "implementationReviewed": "0xEbe57e8045F2F230872523bbff7374986E45C486" }] + }, + "0xFAD2f1b6B24d475BAA79DfA625073981bCD82A0e": { + "asset": "0x80137510979822322193FC997d400D5A6C747bf7", + "name": "ChainlinkRateProvider", + "summary": "safe", + "review": "./PythAggregatorRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xA2aa501b19aff244D90cc15a4Cf739D2725B5729", + "implementationReviewed": "0xEbe57e8045F2F230872523bbff7374986E45C486" + }] } }, "optimism": { From 0449f2b3df7f0aa240344a2f0d23316b20112a37 Mon Sep 17 00:00:00 2001 From: franz Date: Tue, 5 Nov 2024 11:57:04 +0100 Subject: [PATCH 65/68] adapt --- erc4626/registry.json | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/erc4626/registry.json b/erc4626/registry.json index b547906..2a5b599 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -1,28 +1,22 @@ { "sepolia":{ "0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17":{ - "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", + "asset":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", "name": "Static Aave Ethereum DAI", - "source": "aave", - "iconUrl": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3.md", "warnings": [] }, "0x94a9d9ac8a22534e3faca9f4e7f2e2cf85d5e4c8":{ - "underlying":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", + "asset":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357", "name": "Static Aave Ethereum USDT", - "source": "aave", - "iconUrl": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3.md", "warnings": [] }, "0x978206fAe13faF5a8d293FB614326B237684B750":{ - "underlying":"0xaa8e23fb1079ea71e0a56f48a2aa51851d8433d0", + "asset":"0xaa8e23fb1079ea71e0a56f48a2aa51851d8433d0", "name": "Static Aave Ethereum USDC", - "source": "aave", - "iconUrl": "https://url.to/theBoostedByLogo.png", "summary": "safe", "review": "./AaveV3.md", "warnings": [] From c6401e7036cd7c23410ba29d355f002facecefee Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 6 Nov 2024 17:23:30 +0800 Subject: [PATCH 66/68] Add checked by --- rate-providers/PythAggregatorRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/PythAggregatorRateProvider.md b/rate-providers/PythAggregatorRateProvider.md index d1c7a1b..9245967 100644 --- a/rate-providers/PythAggregatorRateProvider.md +++ b/rate-providers/PythAggregatorRateProvider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @mkflow27 -- Checked by: @\ +- Checked by: @danielmkm - Deployed at: - [mode:0xFAD2f1b6B24d475BAA79DfA625073981bCD82A0e](https://modescan.io/address/0xFAD2f1b6B24d475BAA79DfA625073981bCD82A0e/contract/34443/code ) - Audit report(s): From edcfbd003b7227529df5dfdfc217b8c48622647a Mon Sep 17 00:00:00 2001 From: franz Date: Wed, 6 Nov 2024 14:50:18 +0100 Subject: [PATCH 67/68] remove description --- hooks/registry.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hooks/registry.json b/hooks/registry.json index b0f8c02..8d580b7 100644 --- a/hooks/registry.json +++ b/hooks/registry.json @@ -2,28 +2,24 @@ "sepolia":{ "0x5c7FB0734d327ECeE2cA5cF2F5fE0f5Ff32dbf0b":{ "name": "FeeTakingHookExample", - "description": "This is a description of the hook.", "summary": "safe", "review": "./FeeTakingHook.md", "warnings": [] }, "0x307d96183f133c738Af11D1971BF0A5ee15312be":{ "name": "ExitFeeHookExample", - "description": "This is a description of the hook.", "summary": "safe", "review": "./ExitFeeHook.md", "warnings": [] }, "0xcdF93FaB48405bb9df9c321b6306e701be6F9859":{ "name": "DirectionalFeeHookExample", - "description": "This is a description of the hook.", "summary": "safe", "review": "./DirectionalFeeHook.md", "warnings": [] }, "0xb4b339a93B7E3D9B8266d52C96608F0615326B98":{ "name": "LotteryHookExample", - "description": "This is a description of the hook.", "summary": "safe", "review": "./LotteryHook.md", "warnings": [] From 9a20000fac0c1bc3b5e5de4bf6c4c4a9cce7ab4d Mon Sep 17 00:00:00 2001 From: franz Date: Thu, 21 Nov 2024 16:41:54 +0100 Subject: [PATCH 68/68] add stable surge --- hooks/StableSurge.md | 26 ++++++++++++++++++++++++++ hooks/registry.json | 6 ++++++ 2 files changed, 32 insertions(+) create mode 100644 hooks/StableSurge.md diff --git a/hooks/StableSurge.md b/hooks/StableSurge.md new file mode 100644 index 0000000..78f6e2c --- /dev/null +++ b/hooks/StableSurge.md @@ -0,0 +1,26 @@ +# Hook: `Lottery` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [sepolia:0x1adc55adb4caae71abb4c33f606493f4114d2091](https://sepolia.etherscan.io/address/0xb4b339a93B7E3D9B8266d52C96608F0615326B98) +- Audit report(s): + - + +## Context + +## Review Checklist: Bare Minimum Compatibility + +## Review Checklist: Common Findings + +### Administrative Privileges + +### Oracles + +### Common Manipulation Vectors + +## Additional Findings + +## Conclusion +**Summary judgment: SAFE** \ No newline at end of file diff --git a/hooks/registry.json b/hooks/registry.json index 8d580b7..7693746 100644 --- a/hooks/registry.json +++ b/hooks/registry.json @@ -23,6 +23,12 @@ "summary": "safe", "review": "./LotteryHook.md", "warnings": [] + }, + "0x1adc55adb4caae71abb4c33f606493f4114d2091":{ + "name": "StableSurgeHook", + "summary": "safe", + "review": "./StableSurge.md", + "warnings": [] } } } \ No newline at end of file