From 9e6bbfd232360478bb8bb7643884c2c66e36d911 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 11 Dec 2024 13:02:32 +0100 Subject: [PATCH 1/7] review: add more statATokens --- erc4626/StatATokenV2Review.md | 14 ++++++++++++++ erc4626/registry.json | 9 ++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 2e784cb..d3aa23d 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md @@ -8,6 +8,8 @@ - [gnosis:0x7c16f0185a26db0ae7a9377f23bc18ea7ce5d644](https://gnosisscan.io/address/0x7c16f0185a26db0ae7a9377f23bc18ea7ce5d644) - [gnosis:0x51350d88c1bd32cc6a79368c9fb70373fb71f375](https://gnosisscan.io/address/0x51350d88c1bd32cc6a79368c9fb70373fb71f375) - [ethereum:0x487c2C53c0866F0A73ae317bD1A28F63ADcD9aD1](https://etherscan.io/address/0x487c2c53c0866f0a73ae317bd1a28f63adcd9ad1#code) + - [gnosis:0x57f664882F762FA37903FC864e2B633D384B411A](https://gnosisscan.io/token/0x57f664882f762fa37903fc864e2b633d384b411a) + - [ethereum:0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://etherscan.io/address/0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E) - Audit report(s): - [StatATokenV2 audits](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) 
@@ -46,6 +48,18 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Gnosis WETH - 0x57f664882F762FA37903FC864e2B633D384B411A + - upgradeable component: `StataTokenV2` ([gnosis:0x57f664882f762fa37903fc864e2b633d384b411a](https://gnosisscan.io/token/0x57f664882f762fa37903fc864e2b633d384b411a#readProxyContract)) + - admin address: [gnosis:0x1dF462e2712496373A347f8ad10802a5E95f053D](https://gnosisscan.io/address/0x1dF462e2712496373A347f8ad10802a5E95f053D) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + + #### Wrapped Aave Ethereum USDC - 0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E + - upgradeable component: `StataTokenV2` ([ethereum:0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://etherscan.io/address/0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E#readProxyContract)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index 5466ed1..72d08d1 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -32,7 +32,7 @@ "asset": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", "name": "Aave Ethereum USDC", "summary": "safe", - "review": "../rate-providers/MarketRateTransformerRateProviders.md", + "review": "./StatATokenV2Review.md", "warnings": [] } }, @@ -64,6 +64,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x57f664882F762FA37903FC864e2B633D384B411A": { + "asset": "0x6A023CCd1ff6F2045C3309768eAd9E68F978f6e1", + "name": "Wrapped Aave Gnosis WETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "sepolia": { 
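Review bot: In the first registry.json hunk the `review` pointer of the "Aave Ethereum USDC" entry is switched to `./StatATokenV2Review.md`, but the entry's key (the vault address) sits above the hunk, so nothing visible here shows that the review covers that address. The review file in this patch documents the Ethereum USDC wrapper as `0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E` under the heading "Wrapped Aave Ethereum USDC", and a later patch in this series drops `ethereum:0x487c2C53c0866F0A73ae317bD1A28F63ADcD9aD1` from the review's address list as a wrong entry. Please confirm the key is the `0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E` address; if it is not, the `"summary": "safe"` verdict no longer has a review behind it. If it is, consider `"name": "Wrapped Aave Ethereum USDC",` so the entry matches the review heading and the naming of the entry added in the second hunk.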
From 9e9be58d79b04e79fee5c301a2b87f2d5ade246c Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 11 Dec 2024 13:16:02 +0100 Subject: [PATCH 2/7] review: add wa weth --- erc4626/StatATokenV2Review.md | 7 +++++++ erc4626/registry.json | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index d3aa23d..7e06257 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md @@ -10,6 +10,7 @@ - [ethereum:0x487c2C53c0866F0A73ae317bD1A28F63ADcD9aD1](https://etherscan.io/address/0x487c2c53c0866f0a73ae317bd1a28f63adcd9ad1#code) - [gnosis:0x57f664882F762FA37903FC864e2B633D384B411A](https://gnosisscan.io/token/0x57f664882f762fa37903fc864e2b633d384b411a) - [ethereum:0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://etherscan.io/address/0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E) + - [ethereum:0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://etherscan.io/address/0x487c2c53c0866f0a73ae317bd1a28f63adcd9ad1#code) - Audit report(s): - [StatATokenV2 audits](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) @@ -60,6 +61,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Ethereum WETH - 0x0bfc9d54Fc184518A81162F8fB99c2eACa081202 + - upgradeable component: `StataTokenV2` ([ethereum:0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://etherscan.io/address/0x0bfc9d54fc184518a81162f8fb99c2eaca081202#readProxyContract)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. 
diff --git a/erc4626/registry.json b/erc4626/registry.json index 72d08d1..bc64e58 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -34,6 +34,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x0bfc9d54Fc184518A81162F8fB99c2eACa081202": { + "asset": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "name": "Wrapped Aave Ethereum WETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "gnosis": { From dc6dabbec43fcbeae4943ff36b95e178d2afb21b Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 11 Dec 2024 13:20:04 +0100 Subject: [PATCH 3/7] review: wausdt --- erc4626/StatATokenV2Review.md | 8 ++++++++ erc4626/registry.json | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 7e06257..89dea16 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md @@ -11,6 +11,7 @@ - [gnosis:0x57f664882F762FA37903FC864e2B633D384B411A](https://gnosisscan.io/token/0x57f664882f762fa37903fc864e2b633d384b411a) - [ethereum:0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://etherscan.io/address/0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E) - [ethereum:0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://etherscan.io/address/0x487c2c53c0866f0a73ae317bd1a28f63adcd9ad1#code) + - [ethereum:0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://etherscan.io/address/0x7bc3485026ac48b6cf9baf0a377477fff5703af8#readProxyContract) - Audit report(s): - [StatATokenV2 audits](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) 
@@ -67,6 +68,13 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Ethereum USDT string - 0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8 + - upgradeable component: `StataTokenV2` ([ethereum:0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://etherscan.io/address/0x7bc3485026ac48b6cf9baf0a377477fff5703af8#readProxyContract)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index bc64e58..264e053 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -41,6 +41,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8": { + "asset": "0xdAC17F958D2ee523a2206206994597C13D831ec7", + "name": "Wrapped Aave Ethereum USDT", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "gnosis": { From ff73b7c0d101d9024725cccc7f869d9703ca978d Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 11 Dec 2024 13:20:17 +0100 Subject: [PATCH 4/7] style: remove word --- erc4626/StatATokenV2Review.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 89dea16..14cef37 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -68,7 +68,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. - #### Wrapped Aave Ethereum USDT string - 0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8 + #### Wrapped Aave Ethereum USDT - 0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8 - upgradeable component: `StataTokenV2` ([ethereum:0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://etherscan.io/address/0x7bc3485026ac48b6cf9baf0a377477fff5703af8#readProxyContract)) - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) - admin type: Aave governance system. From 07bf14035e48e9a975026d26ca702a103b82544b Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 11 Dec 2024 13:50:28 +0100 Subject: [PATCH 5/7] docs: rm wrong entry --- erc4626/StatATokenV2Review.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 14cef37..5270e00 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -7,10 +7,9 @@ - [gnosis:0x773cda0cade2a3d86e6d4e30699d40bb95174ff2](https://gnosisscan.io/address/0x773cda0cade2a3d86e6d4e30699d40bb95174ff2#code) - [gnosis:0x7c16f0185a26db0ae7a9377f23bc18ea7ce5d644](https://gnosisscan.io/address/0x7c16f0185a26db0ae7a9377f23bc18ea7ce5d644) - [gnosis:0x51350d88c1bd32cc6a79368c9fb70373fb71f375](https://gnosisscan.io/address/0x51350d88c1bd32cc6a79368c9fb70373fb71f375) - - [ethereum:0x487c2C53c0866F0A73ae317bD1A28F63ADcD9aD1](https://etherscan.io/address/0x487c2c53c0866f0a73ae317bd1a28f63adcd9ad1#code) - [gnosis:0x57f664882F762FA37903FC864e2B633D384B411A](https://gnosisscan.io/token/0x57f664882f762fa37903fc864e2b633d384b411a) - [ethereum:0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://etherscan.io/address/0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E) - - [ethereum:0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://etherscan.io/address/0x487c2c53c0866f0a73ae317bd1a28f63adcd9ad1#code) + - [ethereum:0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://etherscan.io/address/0x0bfc9d54Fc184518A81162F8fB99c2eACa081202) - [ethereum:0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://etherscan.io/address/0x7bc3485026ac48b6cf9baf0a377477fff5703af8#readProxyContract) - Audit report(s): - [StatATokenV2 audits](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) From 78921cea86163f39c8f4fb9f92d3e7cb18f5016c Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Wed, 11 Dec 2024 14:22:43 +0100 Subject: [PATCH 6/7] review: add lido aave markets --- erc4626/StatATokenV2Review.md | 14 ++++++++++++++ erc4626/registry.json | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 5270e00..9318db5 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -11,6 +11,8 @@ - [ethereum:0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://etherscan.io/address/0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E) - [ethereum:0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://etherscan.io/address/0x0bfc9d54Fc184518A81162F8fB99c2eACa081202) - [ethereum:0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://etherscan.io/address/0x7bc3485026ac48b6cf9baf0a377477fff5703af8#readProxyContract) + - [ethereum:0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9](https://etherscan.io/token/0x0fe906e030a44ef24ca8c7dc7b7c53a6c4f00ce9#readProxyContract) + - [ethereum:0x775F661b0bD1739349b9A2A3EF60be277c5d2D29](https://etherscan.io/token/0x775f661b0bd1739349b9a2a3ef60be277c5d2d29#readProxyContract) - Audit report(s): - [StatATokenV2 audits](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) 
@@ -72,6 +74,18 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + + #### Wrapped Aave Ethereum Lido WETH - 0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9 + - upgradeable component: `StataTokenV2` ([ethereum:0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9](https://etherscan.io/address/0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + + #### Wrapped Aave Ethereum Lido wstETH - 0x775F661b0bD1739349b9A2A3EF60be277c5d2D29 + - upgradeable component: `StataTokenV2` ([ethereum:0x775F661b0bD1739349b9A2A3EF60be277c5d2D29](https://etherscan.io/address/0x775F661b0bD1739349b9A2A3EF60be277c5d2D29#code)) + - admin address: [ethereum:0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A](https://etherscan.io/address/0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. ### Common Manipulation Vectors diff --git a/erc4626/registry.json b/erc4626/registry.json index 264e053..3000df0 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json 
@@ -48,6 +48,20 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9": { + "asset": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "name": "Wrapped Aave Ethereum Lido WETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] + }, + "0x775F661b0bD1739349b9A2A3EF60be277c5d2D29": { + "asset": "0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0", + "name": "Wrapped Aave Ethereum Lido wstETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "gnosis": { From 75dec4b02d70213abc427d4511fbd0beedca163f Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Thu, 12 Dec 2024 09:24:02 +0100 Subject: [PATCH 7/7] review: add link to outstanding vault tests --- erc4626/StatATokenV2Review.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 9318db5..1c69bbb 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -98,7 +98,14 @@ To save time, we do not bother pointing out low-severity/informational issues or **Summary judgment: USABLE** The outlined ERC4626 Vaults should work well with Balancer pools. Upgradeability is guarded by Aave governance and the Vaults implement the required interfaces with fork tests passing as can be seen here: -- [Aave's GNO](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/gnosis/ERC4626GnosisAaveGno.t.sol) -- [Aave's WstEth](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/gnosis/ERC4626GnosisAaveWstEth.t.sol) -- [Aave's USDC.e](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/gnosis/ERC4626GnosisAaveUsdce.t.sol) -- [Aave's aUsdc](https://github.com/balancer/balancer-v3-erc4626-tests/pull/1/files) +- [0x773cda0cade2a3d86e6d4e30699d40bb95174ff2](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/gnosis/ERC4626GnosisAaveGno.t.sol) +- [0x7c16F0185A26Db0AE7a9377f23BC18ea7ce5d644](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveGno.t.sol#L20) +- [0x51350d88c1bd32cc6a79368c9fb70373fb71f375](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveUsdce.t.sol#L20) +- [0x57f664882F762FA37903FC864e2B633D384B411A](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveWeth.t.sol#L17) +- [0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveUsdcV2.t.sol#L20) +- [0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveWeth.t.sol#L20) +- 
[0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveUsdt2.t.sol#L20) +- [0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveLidoWeth.t.sol#L20) +- [0x775F661b0bD1739349b9A2A3EF60be277c5d2D29](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveLidoWstEth.t.sol#L20) + +
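Review bot: Two of the rewritten fork-test links resolve to the same file: the lines for `0x773cda0cade2a3d86e6d4e30699d40bb95174ff2` and `0x7c16F0185A26Db0AE7a9377f23BC18ea7ce5d644` both point at `test/gnosis/ERC4626GnosisAaveGno.t.sol`, and the `ERC4626GnosisAaveWstEth.t.sol` link from the removed list is gone. Assuming the old labels followed the address order at the top of the review, the `0x7c16F0185A26Db0AE7a9377f23BC18ea7ce5d644` line was probably meant to reference `test/gnosis/ERC4626GnosisAaveWstEth.t.sol`. As written, one vault covered by the "USABLE" judgment has no matching test evidence linked. The `0x773cda0cade2a3d86e6d4e30699d40bb95174ff2` line also still uses `blob/main`, while every other entry is pinned to commit `365ee17e8904f4654990434cc3bbc273478d95ef`; pinning it too keeps the cited evidence from drifting when the test repository changes.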