From 31a47a6a8e4dbb535bc45ccac5cef53f1e2d6915 Mon Sep 17 00:00:00 2001 From: franz Date: Thu, 23 Jan 2025 17:50:15 +0100 Subject: [PATCH 01/29] wip --- rate-providers/SiloWrappedRateprovider.md | 41 +++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 rate-providers/SiloWrappedRateprovider.md diff --git a/rate-providers/SiloWrappedRateprovider.md b/rate-providers/SiloWrappedRateprovider.md new file mode 100644 index 0000000..100bac4 --- /dev/null +++ b/rate-providers/SiloWrappedRateprovider.md 
@@ -0,0 +1,41 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @franzns +- Checked by: @danielmkm +- Deployed at: + - [sonic:0x78557d8a83fe7c6d9f9983d00e5c0e08cc3335e6](https://sonicscan.org/address/0x78557d8a83fe7c6d9f9983d00e5c0e08cc3335e6#code) + - [sonic:0x9d2d4351c1b3718d7a65ef21f54c86c665964670 ](https://sonicscan.org/address/0x9d2d4351c1b3718d7a65ef21f54c86c665964670 #code) + +## Context +The ERC4626 RateProvider fetches the rate of Silo Borrow Deposit tokens. The exchange rate is provided by the Aave V3 `POOL` and fetched via `getReserveNormalizedIncome` from the pool and wrapped as part of the `convertToAsset` call to the `StaticATokenLM`. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). 
+ +- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Conclusion +**Summary judgment: SAFE** + +The Rate Providers should work well with Balancer pools. The underlying contracts have been audited and been in production for an extended period of time. The upgradeability of the underlying Aave protocol is guarded behind decentralized governance and has a minimum execution delay of 24 hours. From 6b09fbcf6f2989eb8af6c392579855a8ec0b442f Mon Sep 17 00:00:00 2001 From: franz Date: Thu, 23 Jan 2025 18:00:59 +0100 Subject: [PATCH 02/29] wip rate provider --- rate-providers/BeefyUsdcSiloRateprovider.md | 44 +++++++++++++++++++++ rate-providers/registry.json | 9 +++++ 2 files changed, 53 insertions(+) create mode 100644 rate-providers/BeefyUsdcSiloRateprovider.md diff --git a/rate-providers/BeefyUsdcSiloRateprovider.md b/rate-providers/BeefyUsdcSiloRateprovider.md new file mode 100644 index 0000000..0f39bc4 --- /dev/null +++ b/rate-providers/BeefyUsdcSiloRateprovider.md 
@@ -0,0 +1,44 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @franzns +- Checked by: @danielmkm +- Deployed at: + - [sonic:0x5fded3206608d3f33175a8865576431906cdb43b](https://sonicscan.org/address/0x5fded3206608d3f33175a8865576431906cdb43b#code) + + +## Context +The ERC4626 Rate Provider fetches the rate of the Beefy vault for USDC deposited into Silo v2. The rate provider was created using the ERC4626 Rateprovider factory which calls convertToAssets on the ERC4626 to expose the rate. The rate of the ERC4626 is calculated by `shares.mulDiv(totalAssets() + 1, totalSupply() + 10 ** _decimalsOffset(), rounding)`. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). 
+ + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + + +## Conclusion +**Summary judgment: SAFE** + +Overall this Rate Provider should work well in pool operations with Balancer pools. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 82a3acc..c49f873 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -2871,6 +2871,15 @@ "entrypoint": "0xD31E89Ffb929b38bA60D1c7dBeB68c7712EAAb0a", "implementationReviewed": "0xb9fa01cbd690dfd5be3d8d667c54bbdd9e41e57d" }] + }, + "0x5fded3206608d3f33175a8865576431906cdb43b": { + "asset": "0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a", + "name": "Beefy USDC SiloV2 Rateprovider", + "summary": "safe", + "review": "./BeefyUsdcSiloRateprovider.md", + "warnings": [""], + "factory": "0x00de97829d01815346e58372be55aefd84ca2457", + "upgradeableComponents": [] } } } From 1763a7f637426e200eb3af1e2c98e037e911c355 Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 10:40:42 +0100 Subject: [PATCH 03/29] add beefy 4626 --- erc4626/BeefyWrapperReview.md | 39 +++++++++++++++++++++++++++++++++++ erc4626/registry.json | 7 +++++++ 2 files changed, 46 insertions(+) create mode 100644 erc4626/BeefyWrapperReview.md diff --git a/erc4626/BeefyWrapperReview.md b/erc4626/BeefyWrapperReview.md new file mode 100644 index 0000000..b8ba667 --- /dev/null 
+++ b/erc4626/BeefyWrapperReview.md 
@@ -0,0 +1,39 @@ +# ERC4626 Vault: `BeefyWrapper` + +## Details +- Reviewed by: @franzns +- Checked by: @danielmkm +- Deployed at: + - [sonic:0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a](https://sonicscan.org/address/0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a#code) + + +## Context +A 4626 wrapper that can wrap the various Beefy vaults. Its created using their factory at [sonic:0x234f7f81434e340910a84f45f8e89d07fa86611a](https://sonicscan.org/address/0x234f7f81434e340910a84f45f8e89d07fa86611a). + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the ERC4626. If any of these is unchecked, the the ERC4626 is unfit to use. + +- [x] Tests based on the [balancer-v3-monorepo](https://github.com/balancer/balancer-v3-monorepo/tree/main/pkg/vault/test/foundry/fork) pass for the given ERC4626 vaults, which can be found [here](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/sonic/ERC4626BeefyUsdcSilo.sol). +- [x] The required Vault implements the required operational ERC4626 Interface + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in ERC4626 contracts. + +If none of these is checked, then this might be a pretty great ERC4626! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a ERC4626 can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the ERC4626. + +### Administrative Privileges +- [ ] The ERC4626 Vault is upgradeable. + + +### Common Manipulation Vectors +- [ ] The ERC4626 Vault is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). 
Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +The Wrapper is a minimal proxy which means that it has a hardcoded implementation address so by definition nothing can be upgraded. + +## Conclusion +**Summary judgment: USABLE** + +The outlined ERC4626 Vaults should work well with Balancer pools. \ No newline at end of file diff --git a/erc4626/registry.json b/erc4626/registry.json index f833343..45aa41c 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -157,6 +157,13 @@ "summary": "safe", "review": "./StaticATokenLMAvalonReview.md", "warnings": [] + }, + "0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a": { + "asset": "0x541FD749419CA806a8bc7da8ac23D346f2dF8B77", + "name": "Beefy USDC Wrapper for SiloV2", + "summary": "safe", + "review": "./BeefyWrapperReview.md", + "warnings": [] } }, "sepolia": { From 7f273cef877e3ff90dedae9910835436ef7281fc Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 10:45:38 +0100 Subject: [PATCH 04/29] fix asset --- erc4626/registry.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erc4626/registry.json b/erc4626/registry.json index 45aa41c..b2c2c8f 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -159,7 +159,7 @@ "warnings": [] }, "0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a": { - "asset": "0x541FD749419CA806a8bc7da8ac23D346f2dF8B77", + "asset": "0x29219dd400f2Bf60E5a23d13Be72B486D4038894", "name": "Beefy USDC Wrapper for SiloV2", "summary": "safe", "review": "./BeefyWrapperReview.md", From 7fb5c4aa7c1f288e446a59173796dd5154dd2044 Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 11:08:19 +0100 Subject: [PATCH 05/29] remove daniel --- rate-providers/SiloWrappedRateprovider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rate-providers/SiloWrappedRateprovider.md b/rate-providers/SiloWrappedRateprovider.md index 100bac4..328e9b3 100644 
--- a/rate-providers/SiloWrappedRateprovider.md +++ b/rate-providers/SiloWrappedRateprovider.md @@ -2,10 +2,10 @@ ## Details - Reviewed by: @franzns -- Checked by: @danielmkm +- Checked by: - Deployed at: - [sonic:0x78557d8a83fe7c6d9f9983d00e5c0e08cc3335e6](https://sonicscan.org/address/0x78557d8a83fe7c6d9f9983d00e5c0e08cc3335e6#code) - - [sonic:0x9d2d4351c1b3718d7a65ef21f54c86c665964670 ](https://sonicscan.org/address/0x9d2d4351c1b3718d7a65ef21f54c86c665964670 #code) + - [sonic:0x9d2d4351c1b3718d7a65ef21f54c86c665964670](https://sonicscan.org/address/0x9d2d4351c1b3718d7a65ef21f54c86c665964670#code) ## Context The ERC4626 RateProvider fetches the rate of Silo Borrow Deposit tokens. The exchange rate is provided by the Aave V3 `POOL` and fetched via `getReserveNormalizedIncome` from the pool and wrapped as part of the `convertToAsset` call to the `StaticATokenLM`. From aff0198fa815b6912509884d2bb808c1e34e35bd Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 11:10:37 +0100 Subject: [PATCH 06/29] add rp to registiry --- rate-providers/registry.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 82a3acc..4b3d3de 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json 
@@ -2871,6 +2871,24 @@ "entrypoint": "0xD31E89Ffb929b38bA60D1c7dBeB68c7712EAAb0a", "implementationReviewed": "0xb9fa01cbd690dfd5be3d8d667c54bbdd9e41e57d" }] + }, + "0x78557d8a83fe7c6d9f9983d00e5c0e08cc3335e6": { + "asset": "0x52Fc9E0a68b6a4C9b57b9D1d99fB71449A99DCd8", + "name": "Silo bSolvBTC.bbn Rateprovider", + "summary": "safe", + "review": "./SiloWrappedRateprovider.md", + "warnings": [""], + "factory": "0x00de97829d01815346e58372be55aefd84ca2457", + "upgradeableComponents": [] + }, + "0x9d2d4351c1b3718d7a65ef21f54c86c665964670": { + "asset": "0x87178fe8698C7eDa8aA207083C3d66aEa569aB98", + "name": "Silo bSolvBTC Rateprovider", + "summary": "safe", + "review": "./SiloWrappedRateprovider.md", + "warnings": [""], + "factory": "0x00de97829d01815346e58372be55aefd84ca2457", + "upgradeableComponents": [] } } } From f2613bc67fbacd0597a678969a888c802bcc6dc4 Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 14:09:04 +0100 Subject: [PATCH 07/29] adding audits --- erc4626/BeefyWrapperReview.md | 2 ++ rate-providers/BeefyUsdcSiloRateprovider.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/erc4626/BeefyWrapperReview.md b/erc4626/BeefyWrapperReview.md index b8ba667..747032b 100644 --- a/erc4626/BeefyWrapperReview.md +++ b/erc4626/BeefyWrapperReview.md @@ -5,6 +5,8 @@ - Checked by: @danielmkm - Deployed at: - [sonic:0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a](https://sonicscan.org/address/0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a#code) +- Audits: + - [4626 wrapper audit](https://github.com/beefyfinance/beefy-audits/blob/master/2023-08-03-Beefy-Zellic-4626-Wrapper-Audit.pdf) ## Context diff --git a/rate-providers/BeefyUsdcSiloRateprovider.md b/rate-providers/BeefyUsdcSiloRateprovider.md index 0f39bc4..2eb9e29 100644 --- a/rate-providers/BeefyUsdcSiloRateprovider.md +++ b/rate-providers/BeefyUsdcSiloRateprovider.md 
@@ -5,6 +5,8 @@ - Checked by: @danielmkm - Deployed at: - [sonic:0x5fded3206608d3f33175a8865576431906cdb43b](https://sonicscan.org/address/0x5fded3206608d3f33175a8865576431906cdb43b#code) +- Audits: + - [4626 wrapper audit](https://github.com/beefyfinance/beefy-audits/blob/master/2023-08-03-Beefy-Zellic-4626-Wrapper-Audit.pdf) ## Context From 3f2b4be5b85515d76896ddf3f1e99ba8529369d7 Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 14:38:55 +0100 Subject: [PATCH 08/29] adding donation vector --- erc4626/BeefyWrapperReview.md | 10 +++++++++- rate-providers/BeefyUsdcSiloRateprovider.md | 11 +++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/erc4626/BeefyWrapperReview.md b/erc4626/BeefyWrapperReview.md index 747032b..f960f7b 100644 --- a/erc4626/BeefyWrapperReview.md +++ b/erc4626/BeefyWrapperReview.md @@ -28,7 +28,15 @@ If none of these is checked, then this might be a pretty great ERC4626! If any o ### Common Manipulation Vectors -- [ ] The ERC4626 Vault is susceptible to donation attacks. +- [x] The Rate Provider is susceptible to donation attacks. + - comment: The rate can be influenced by donating to the vault as the vault's total assets are measured via + ```solidity + // + function totalAssets() public view virtual override returns (uint256) { + return _asset.balanceOf(address(this)); + } + ``` + which is part of the `totalAssets` used in the `getRate` calculation. ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. diff --git a/rate-providers/BeefyUsdcSiloRateprovider.md b/rate-providers/BeefyUsdcSiloRateprovider.md index 2eb9e29..b7def6f 100644 --- a/rate-providers/BeefyUsdcSiloRateprovider.md +++ b/rate-providers/BeefyUsdcSiloRateprovider.md 
@@ -33,8 +33,15 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). ### Common Manipulation Vectors -- [ ] The Rate Provider is susceptible to donation attacks. - +- [x] The Rate Provider is susceptible to donation attacks. + - comment: The rate can be influenced by donating to the vault as the vault's total assets are measured via + ```solidity + // + function totalAssets() public view virtual override returns (uint256) { + return _asset.balanceOf(address(this)); + } + ``` + which is part of the `totalAssets` used in the `getRate` calculation. ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. From b6bf73a3e5e6a4bc6f3d4ea643c2e8784239acef Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 14:39:08 +0100 Subject: [PATCH 09/29] remove checked by --- erc4626/BeefyWrapperReview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erc4626/BeefyWrapperReview.md b/erc4626/BeefyWrapperReview.md index f960f7b..f3ae30f 100644 --- a/erc4626/BeefyWrapperReview.md +++ b/erc4626/BeefyWrapperReview.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @franzns -- Checked by: @danielmkm +- Checked by: - Deployed at: - [sonic:0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a](https://sonicscan.org/address/0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a#code) - Audits: From 8e4be28949cf45960aa1241200f6ba339385d4c4 Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 14:50:59 +0100 Subject: [PATCH 10/29] remove daniel --- rate-providers/BeefyUsdcSiloRateprovider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/rate-providers/BeefyUsdcSiloRateprovider.md b/rate-providers/BeefyUsdcSiloRateprovider.md index b7def6f..a1e7549 100644 --- a/rate-providers/BeefyUsdcSiloRateprovider.md +++ b/rate-providers/BeefyUsdcSiloRateprovider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @franzns -- Checked by: @danielmkm +- Checked by: - Deployed at: - [sonic:0x5fded3206608d3f33175a8865576431906cdb43b](https://sonicscan.org/address/0x5fded3206608d3f33175a8865576431906cdb43b#code) - Audits: From 5859e1f4602edc317c8e96ecfe12c3045c69a999 Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 15:29:48 +0100 Subject: [PATCH 11/29] donation vector --- erc4626/BeefyWrapperReview.md | 25 ++++++++++++++--- .../AffineLiquidRestakingRateProvider.md | 28 +++++++++++++++---- 2 files changed, 44 insertions(+), 9 deletions(-) diff --git a/erc4626/BeefyWrapperReview.md b/erc4626/BeefyWrapperReview.md index f3ae30f..5815885 100644 --- a/erc4626/BeefyWrapperReview.md +++ b/erc4626/BeefyWrapperReview.md 
@@ -29,14 +29,31 @@ If none of these is checked, then this might be a pretty great ERC4626! If any o ### Common Manipulation Vectors - [x] The Rate Provider is susceptible to donation attacks. - - comment: The rate can be influenced by donating to the vault as the vault's total assets are measured via + - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `getRate` calculation. + ```solidity - // + /** + * @notice Fetches the total assets held by the vault + * @dev Returns the total assets held by the vault, not only the wrapper + * @return totalAssets the total balance of assets held by the vault + */ function totalAssets() public view virtual override returns (uint256) { - return _asset.balanceOf(address(this)); + return IVault(vault).balance(); } ``` - which is part of the `totalAssets` used in the `getRate` calculation. + The vault calculates it based on underlying balance inside the vault plus the balance inside the strategy. + ```solidity + /** + * @dev It calculates the total underlying value of {token} held by the system. + * It takes into account the vault contract balance, the strategy contract balance + * and the balance deployed in other contracts as part of the strategy. + */ + function balance() public view returns (uint) { + return want().balanceOf(address(this)) + IStrategyV7(strategy).balanceOf(); + } + ``` + + The underlying balance can be inflated by donating underlying assets to the vault. ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. diff --git a/rate-providers/AffineLiquidRestakingRateProvider.md b/rate-providers/AffineLiquidRestakingRateProvider.md index fb4794e..be4b072 100644 
--- a/rate-providers/AffineLiquidRestakingRateProvider.md +++ b/rate-providers/AffineLiquidRestakingRateProvider.md 
@@ -47,14 +47,32 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ### Common Manipulation Vectors - [x] The Rate Provider is susceptible to donation attacks. - - comment: The rate can be influenced by donating to the vault as the vault's total assets are measured via + - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `getRate` calculation. + ```solidity - // - function vaultAssets() public view returns (uint256) { - return IERC20MetadataUpgradeable(asset()).balanceOf(address(this)); + /** + * @notice Fetches the total assets held by the vault + * @dev Returns the total assets held by the vault, not only the wrapper + * @return totalAssets the total balance of assets held by the vault + */ + function totalAssets() public view virtual override returns (uint256) { + return IVault(vault).balance(); } ``` - which is part of the `totalAssets` used in the `getRate` calculation. + The vault calculates it based on underlying balance inside the vault plus the balance inside the strategy. + ```solidity + /** + * @dev It calculates the total underlying value of {token} held by the system. + * It takes into account the vault contract balance, the strategy contract balance + * and the balance deployed in other contracts as part of the strategy. + */ + function balance() public view returns (uint) { + return want().balanceOf(address(this)) + IStrategyV7(strategy).balanceOf(); + } + ``` + + The underlying balance can be inflated by donating underlying assets to the vault. + ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. From 6b02f6f59cc809b6ff096fa5434f9459e968f0fd Mon Sep 17 00:00:00 2001 
From: franz Date: Fri, 24 Jan 2025 15:32:58 +0100 Subject: [PATCH 12/29] adapt context for 4626 --- erc4626/BeefyWrapperReview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/erc4626/BeefyWrapperReview.md b/erc4626/BeefyWrapperReview.md index 5815885..5ab415f 100644 --- a/erc4626/BeefyWrapperReview.md +++ b/erc4626/BeefyWrapperReview.md @@ -28,8 +28,8 @@ If none of these is checked, then this might be a pretty great ERC4626! If any o ### Common Manipulation Vectors -- [x] The Rate Provider is susceptible to donation attacks. - - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `getRate` calculation. +- [x] The ERC4626 Vault is susceptible to donation attacks. + - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `converToAssets` calculation. ```solidity /** From c7236359abab9ae66bdb067009f23c0365e2029a Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 15:36:08 +0100 Subject: [PATCH 13/29] refine --- rate-providers/AffineLiquidRestakingRateProvider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-providers/AffineLiquidRestakingRateProvider.md b/rate-providers/AffineLiquidRestakingRateProvider.md index be4b072..0333f9e 100644 --- a/rate-providers/AffineLiquidRestakingRateProvider.md +++ b/rate-providers/AffineLiquidRestakingRateProvider.md @@ -47,7 +47,7 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ### Common Manipulation Vectors - [x] The Rate Provider is susceptible to donation attacks. - - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `getRate` calculation. + - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `converToAsset` call and therefore in the `getRate` calculation. ```solidity /** 
From 41c80377e1c9ece0754966b2af27d18ba7d3de04 Mon Sep 17 00:00:00 2001 From: franz Date: Fri, 24 Jan 2025 15:38:08 +0100 Subject: [PATCH 14/29] adjust --- .../AffineLiquidRestakingRateProvider.md | 28 ++++--------------- rate-providers/BeefyUsdcSiloRateprovider.md | 25 ++++++++++++++--- 2 files changed, 26 insertions(+), 27 deletions(-) diff --git a/rate-providers/AffineLiquidRestakingRateProvider.md b/rate-providers/AffineLiquidRestakingRateProvider.md index 0333f9e..fb4794e 100644 --- a/rate-providers/AffineLiquidRestakingRateProvider.md +++ b/rate-providers/AffineLiquidRestakingRateProvider.md 
@@ -47,32 +47,14 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ### Common Manipulation Vectors - [x] The Rate Provider is susceptible to donation attacks. - - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `converToAsset` call and therefore in the `getRate` calculation. - + - comment: The rate can be influenced by donating to the vault as the vault's total assets are measured via ```solidity - /** - * @notice Fetches the total assets held by the vault - * @dev Returns the total assets held by the vault, not only the wrapper - * @return totalAssets the total balance of assets held by the vault - */ - function totalAssets() public view virtual override returns (uint256) { - return IVault(vault).balance(); + // + function vaultAssets() public view returns (uint256) { + return IERC20MetadataUpgradeable(asset()).balanceOf(address(this)); } ``` - The vault calculates it based on underlying balance inside the vault plus the balance inside the strategy. - ```solidity - /** - * @dev It calculates the total underlying value of {token} held by the system. - * It takes into account the vault contract balance, the strategy contract balance - * and the balance deployed in other contracts as part of the strategy. - */ - function balance() public view returns (uint) { - return want().balanceOf(address(this)) + IStrategyV7(strategy).balanceOf(); - } - ``` - - The underlying balance can be inflated by donating underlying assets to the vault. - + which is part of the `totalAssets` used in the `getRate` calculation. ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. 
diff --git a/rate-providers/BeefyUsdcSiloRateprovider.md b/rate-providers/BeefyUsdcSiloRateprovider.md index a1e7549..8dc2e29 100644 --- a/rate-providers/BeefyUsdcSiloRateprovider.md +++ b/rate-providers/BeefyUsdcSiloRateprovider.md 
@@ -34,14 +34,31 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ### Common Manipulation Vectors - [x] The Rate Provider is susceptible to donation attacks. - - comment: The rate can be influenced by donating to the vault as the vault's total assets are measured via + - comment: The ERC4626 wrapper calls the vaults balance for totalAssets() which is part of the `totalAssets` used in the `converToAssets` call and therefore in the `getRate` calculation. + ```solidity - // + /** + * @notice Fetches the total assets held by the vault + * @dev Returns the total assets held by the vault, not only the wrapper + * @return totalAssets the total balance of assets held by the vault + */ function totalAssets() public view virtual override returns (uint256) { - return _asset.balanceOf(address(this)); + return IVault(vault).balance(); } ``` - which is part of the `totalAssets` used in the `getRate` calculation. + The vault calculates it based on underlying balance inside the vault plus the balance inside the strategy. + ```solidity + /** + * @dev It calculates the total underlying value of {token} held by the system. + * It takes into account the vault contract balance, the strategy contract balance + * and the balance deployed in other contracts as part of the strategy. + */ + function balance() public view returns (uint) { + return want().balanceOf(address(this)) + IStrategyV7(strategy).balanceOf(); + } + ``` + + The underlying balance can be inflated by donating underlying assets to the vault. ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. From e90910ec5341a122123db2292b354eaae815bc0b Mon Sep 17 00:00:00 2001 
From: Daniel Date: Fri, 24 Jan 2025 15:50:30 +0100 Subject: [PATCH 15/29] Add checked by --- erc4626/BeefyWrapperReview.md | 4 +--- rate-providers/BeefyUsdcSiloRateprovider.md | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/erc4626/BeefyWrapperReview.md b/erc4626/BeefyWrapperReview.md index 5ab415f..51c190c 100644 --- a/erc4626/BeefyWrapperReview.md +++ b/erc4626/BeefyWrapperReview.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @franzns -- Checked by: +- Checked by: @danielmkm - Deployed at: - [sonic:0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a](https://sonicscan.org/address/0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a#code) - Audits: @@ -58,8 +58,6 @@ If none of these is checked, then this might be a pretty great ERC4626! If any o ## Additional Findings To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. -The Wrapper is a minimal proxy which means that it has a hardcoded implementation address so by definition nothing can be upgraded. - ## Conclusion **Summary judgment: USABLE** diff --git a/rate-providers/BeefyUsdcSiloRateprovider.md b/rate-providers/BeefyUsdcSiloRateprovider.md index 8dc2e29..c297d8b 100644 --- a/rate-providers/BeefyUsdcSiloRateprovider.md +++ b/rate-providers/BeefyUsdcSiloRateprovider.md @@ -2,7 +2,7 @@ ## Details - Reviewed by: @franzns -- Checked by: +- Checked by: @danielmkm - Deployed at: - [sonic:0x5fded3206608d3f33175a8865576431906cdb43b](https://sonicscan.org/address/0x5fded3206608d3f33175a8865576431906cdb43b#code) - Audits: From 2e6fee73d18630f3ee37d717e3eedc93ebbb7baf Mon Sep 17 00:00:00 2001 
From: mkflow27 Date: Mon, 27 Jan 2025 15:33:36 +0100 Subject: [PATCH 16/29] Wrapped Aave Base WETH --- erc4626/StatATokenV2Review.md | 9 ++++++++- erc4626/registry.json | 15 ++++++++++++--- rate-providers/registry.json | 15 +++++++++++++-- rate-providers/statATokenLMRateProvider.md | 15 ++++++++++++++- 4 files changed, 47 insertions(+), 7 deletions(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index b58198e..4e58e16 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md @@ -13,7 +13,8 @@ - [ethereum:0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://etherscan.io/address/0x7bc3485026ac48b6cf9baf0a377477fff5703af8#readProxyContract) - [ethereum:0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9](https://etherscan.io/token/0x0fe906e030a44ef24ca8c7dc7b7c53a6c4f00ce9#readProxyContract) - [ethereum:0x775F661b0bD1739349b9A2A3EF60be277c5d2D29](https://etherscan.io/token/0x775f661b0bd1739349b9a2a3ef60be277c5d2d29#readProxyContract) - - + - [base:0xe298b938631f750DD409fB18227C4a23dCdaab9b](https://basescan.org/address/0xe298b938631f750DD409fB18227C4a23dCdaab9b#code) + - Audit report(s): - [StatATokenV2 audits](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) 
@@ -100,6 +101,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base WETH - 0xe298b938631f750DD409fB18227C4a23dCdaab9b + - upgradeable component: `StataTokenV2` ([base:0xe298b938631f750DD409fB18227C4a23dCdaab9b](https://basescan.org/address/0xe298b938631f750DD409fB18227C4a23dCdaab9b#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index b2c2c8f..5ba0898 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -1,4 +1,13 @@ { + "base": { + "0xe298b938631f750DD409fB18227C4a23dCdaab9b": { + "asset": "0x4200000000000000000000000000000000000006", + "name": "Wrapped Aave Base WETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] + } + }, "ethereum": { "0x2371e134e3455e0593363cBF89d3b6cf53740618": { "asset": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", @@ -143,21 +152,21 @@ "warnings": [] } }, - "sonic":{ + "sonic": { "0xA28d4dbcC90C849e3249D642f356D85296a12954": { "asset": "0xCC0966D8418d412c599A6421b760a847eB169A8c", "name": "Static Avalon Sonic SolvBTC.bbn", "summary": "safe", "review": "./StaticATokenLMAvalonReview.md", "warnings": [] - }, + }, "0xD31E89Ffb929b38bA60D1c7dBeB68c7712EAAb0a": { "asset": "0x541FD749419CA806a8bc7da8ac23D346f2dF8B77", "name": "Static Avalon Sonic SolvBTC", "summary": "safe", "review": "./StaticATokenLMAvalonReview.md", "warnings": [] - }, + }, "0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a": { "asset": "0x29219dd400f2Bf60E5a23d13Be72B486D4038894", "name": "Beefy USDC Wrapper for SiloV2", 
diff --git a/rate-providers/registry.json b/rate-providers/registry.json index c49f873..8fc1504 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -704,6 +704,15 @@ "warnings": ["chainlink"], "factory": "0x0A973B6DB16C2ded41dC91691Cc347BEb0e2442B", "upgradeableComponents": [] + }, + "0x14BD1e9b30007510c2aFE3a7a8053A6DE5605d35": { + "asset": "0xe298b938631f750DD409fB18227C4a23dCdaab9b", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [""], + "factory": "0xEfD3aF73d3359014f3B864d37AC672A6d3D7ff1A", + "upgradeableComponents": [] } }, "ethereum": { @@ -2857,7 +2866,8 @@ { "entrypoint": "0xA28d4dbcC90C849e3249D642f356D85296a12954", "implementationReviewed": "0x29c26d85ba819659d084a592b97607a5337de030" - }] + } + ] }, "0xa6c292d06251da638be3b58f1473e03d99c26ff0": { "asset": "0xd31e89ffb929b38ba60d1c7dbeb68c7712eaab0a", @@ -2870,7 +2880,8 @@ { "entrypoint": "0xD31E89Ffb929b38bA60D1c7dBeB68c7712EAAb0a", "implementationReviewed": "0xb9fa01cbd690dfd5be3d8d667c54bbdd9e41e57d" - }] + } + ] }, "0x5fded3206608d3f33175a8865576431906cdb43b": { "asset": "0x7870ddFd5ACA4E977B2287e9A212bcbe8FC4135a", diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index bb97e08..fb57b79 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md 
@@ -19,7 +19,8 @@ - [gnosis:0x821aFE819450A359E29a5209C48f2Fa3321C8AD2](https://gnosisscan.io/address/0x821aFE819450A359E29a5209C48f2Fa3321C8AD2#readContract) - [gnosis:0x5F62fd24941B585b91EB059E0ea1a7e729357511](https://gnosisscan.io/address/0x5F62fd24941B585b91EB059E0ea1a7e729357511#code) - [avalanche:0x484ebac26a05e1feb7909243f293a4f79eef837a](https://snowtrace.io/address/0x484ebac26a05e1feb7909243f293a4f79eef837a/contract/43114/code) - - [avalanche:0x7E98951ae90fd1Fd7aF3cfe0ACA2A8a8D0FC5767](https://snowtrace.io/address/0x7E98951ae90fd1Fd7aF3cfe0ACA2A8a8D0FC5767/contract/43114/readContract?chainid=43114) + - [avalanche:0x7E98951ae90fd1Fd7aF3cfe0ACA2A8a8D0FC5767](https://snowtrace.io/address/0x7E98951ae90fd1Fd7aF3cfe0ACA2A8a8D0FC5767/contract/43114/readContract?chainid=43114) + - [base:0x14BD1e9b30007510c2aFE3a7a8053A6DE5605d35](https://basescan.org/address/0x14BD1e9b30007510c2aFE3a7a8053A6DE5605d35) - Audit report(s): - [Formal Verification Report For StaticAToken](https://github.com/bgd-labs/static-a-token-v3/blob/main/audits/Formal_Verification_Report_staticAToken.pdf) 
@@ -205,6 +206,18 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours + - [base:0x14BD1e9b30007510c2aFE3a7a8053A6DE5605d35](https://basescan.org/address/0x14BD1e9b30007510c2aFE3a7a8053A6DE5605d35) + - upgradeable component: `StataTokenV2` ([base:0xe298b938631f750DD409fB18227C4a23dCdaab9b](https://basescan.org/address/0xe298b938631f750DD409fB18227C4a23dCdaab9b)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + -upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://snowtrace.io/address/0x3C06dce358add17aAf230f2234bCCC4afd50d090/contract/43114/code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours + + + ### Oracles From 5a4c9b9bf7a34f0bd68ee36c6099798a9c6c297b Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 08:41:08 +0100 Subject: [PATCH 17/29] Wrapped Aave Base weETH --- erc4626/StatATokenV2Review.md | 6 ++++++ erc4626/registry.json | 7 +++++++ .../MarketRateTransformerRateProviders.md | 21 ++++++++++++++++++- rate-providers/registry.json | 9 ++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 4e58e16..347cd78 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -107,6 +107,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base weETH - 0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b + - upgradeable component: `StataTokenV2` ([base:0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b](https://basescan.org/address/0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a#code) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index 5ba0898..e31055b 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -6,6 +6,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b": { + "asset": "0x04C0599Ae5A44757c0af6F9eC3b93da8976c150A", + "name": "Wrapped Aave Base weETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/MarketRateTransformerRateProviders.md b/rate-providers/MarketRateTransformerRateProviders.md index aad8991..44b3fa1 100644 --- a/rate-providers/MarketRateTransformerRateProviders.md +++ b/rate-providers/MarketRateTransformerRateProviders.md 
@@ -20,6 +20,10 @@ - ERC4626RateProvider: MetaMorphoV1_1 - ERC4626Vault's `asset` rate provider: Wrapped USDL (wUSDL) ERC4626 Rate Provider + - WeETH [base:0x4FE32815684C54bB779359A99ff3a7Ef424079E3](https://basescan.org/address/0x4FE32815684C54bB779359A99ff3a7Ef424079E3) + - ERC4626RateProvider: Wrapped Aave Base weETH + - ERC4626Vault's `asset` rate provider: ChainlinkRateProvider + - Audit report(s): - [Formal Verification Report For StaticAToken](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) - [Security Reviews & Formal Verifications](https://docs.morpho.org/security-reviews/) 
@@ -104,9 +108,24 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: multisig - multisig threshold/signers: 3/17 + #### Wrapped Aave Base weETH + - [base:0x4FE32815684C54bB779359A99ff3a7Ef424079E3](https://basescan.org/address/0x4FE32815684C54bB779359A99ff3a7Ef424079E3#readContract) + - upgradeable component: `StataTokenV2` ([base:0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b](https://basescan.org/address/0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Oracles -- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + + #### Wrapped Aave Base weETH + - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x5a7A419C59eAAdec8Dc00bc93ac95612e6e154Cf](https://basescan.org/address/0x5a7A419C59eAAdec8Dc00bc93ac95612e6e154Cf#code) + #### Wrapped Aave Base weETH - [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 8fc1504..19fe522 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json 
@@ -2067,6 +2067,15 @@ "implementationReviewed": "0xaf108ae0AD8700ac41346aCb620e828c03BB8848" } ] + }, + "0x14BD1e9b30007510c2aFE3a7a8053A6DE5605d35": { + "asset": "0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b", + "name": "AaveMarketRateTransformer", + "summary": "safe", + "review": "./MarketRateTransformerRateProviders.md", + "warnings": [""], + "factory": "0x4E185b1502Fea7a06B63fDdA6de38F92C9528566", + "upgradeableComponents": [] } }, "fantom": { From 8e0c30aed864b7e4eae81567598dff17f8bdd752 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 08:48:10 +0100 Subject: [PATCH 18/29] Wrapped Aave Base USDC --- erc4626/StatATokenV2Review.md | 6 ++++++ erc4626/registry.json | 7 +++++++ rate-providers/registry.json | 9 +++++++++ rate-providers/statATokenLMRateProvider.md | 10 ++++++++++ 4 files changed, 32 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 347cd78..bb47151 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md @@ -113,6 +113,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base USDC - 0xC768c589647798a6EE01A91FdE98EF2ed046DBD6 + - upgradeable component: `StataTokenV2` ([base:0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b](https://basescan.org/address/0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index e31055b..e4ab535 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json 
@@ -13,6 +13,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0xC768c589647798a6EE01A91FdE98EF2ed046DBD6": { + "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", + "name": "Wrapped Aave Base USDC", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 19fe522..7af348d 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -713,6 +713,15 @@ "warnings": [""], "factory": "0xEfD3aF73d3359014f3B864d37AC672A6d3D7ff1A", "upgradeableComponents": [] + }, + "0x0368b79b6A173a5aD589594E3227153D8cC7Cecc": { + "asset": "0xC768c589647798a6EE01A91FdE98EF2ed046DBD6", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [""], + "factory": "0xEfD3aF73d3359014f3B864d37AC672A6d3D7ff1A", + "upgradeableComponents": [] } }, "ethereum": { diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index fb57b79..3d34e0b 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md 
@@ -216,6 +216,16 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours + - [base:0x0368b79b6A173a5aD589594E3227153D8cC7Cecc](https://basescan.org/address/0x0368b79b6A173a5aD589594E3227153D8cC7Cecc#readContract) + - upgradeable component: `StataTokenV2` ([base:0xC768c589647798a6EE01A91FdE98EF2ed046DBD6](https://basescan.org/address/0xC768c589647798a6EE01A91FdE98EF2ed046DBD6#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + -upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + From 53c8a31d6abbea77566a6c38fcdd01044dbe3a03 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 09:03:11 +0100 Subject: [PATCH 19/29] Wrapped Aave Base cbBTC --- erc4626/StatATokenV2Review.md | 6 ++++++ erc4626/registry.json | 7 +++++++ rate-providers/registry.json | 7 +++++++ rate-providers/statATokenLMRateProvider.md | 10 ++++++++++ 4 files changed, 30 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index bb47151..c16e13f 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -119,6 +119,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base cbBTC - 0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF + - upgradeable component: `StataTokenV2` ([base:0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF](https://basescan.org/address/0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index e4ab535..c047bc9 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -20,6 +20,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF": { + "asset": "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf", + "name": "Wrapped Aave Base cbBTC", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 7af348d..ac33b27 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -722,6 +722,13 @@ "warnings": [""], "factory": "0xEfD3aF73d3359014f3B864d37AC672A6d3D7ff1A", "upgradeableComponents": [] + }, + "0xbF21251c74208771e25De5C08971cE586236EE89": { + "asset": "0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 3d34e0b..8f193a9 100644 --- a/rate-providers/statATokenLMRateProvider.md 
+++ b/rate-providers/statATokenLMRateProvider.md @@ -225,6 +225,16 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + + - [base:0xbF21251c74208771e25De5C08971cE586236EE89](https://basescan.org/address/0xbF21251c74208771e25De5C08971cE586236EE89#readContract) + - upgradeable component: `StataTokenV2` ([base:0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF](https://basescan.org/address/0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + -upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. From 5a51441fd32d9cf61eda32fc659a9c84f135afe5 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 09:11:15 +0100 Subject: [PATCH 20/29] Wrapped Aave Base wstETH --- erc4626/StatATokenV2Review.md | 6 ++++++ erc4626/registry.json | 7 +++++++ .../MarketRateTransformerRateProviders.md | 14 +++++++++++++- rate-providers/registry.json | 7 +++++++ 4 files changed, 33 insertions(+), 1 deletion(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index c16e13f..aac0c38 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -125,6 +125,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base wstETH - 0x0830820D1A9aa1554364752d6D8F55C836871B74 + - upgradeable component: `StataTokenV2` ([base:0x0830820D1A9aa1554364752d6D8F55C836871B74](https://basescan.org/address/0x0830820D1A9aa1554364752d6D8F55C836871B74#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index c047bc9..acfc2d7 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -27,6 +27,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x0830820D1A9aa1554364752d6D8F55C836871B74": { + "asset": "0xc1CBa3fCea344f92D9239c08C0568f6F2F0ee452", + "name": "Wrapped Aave Base wstETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/MarketRateTransformerRateProviders.md b/rate-providers/MarketRateTransformerRateProviders.md index 44b3fa1..e737d13 100644 --- a/rate-providers/MarketRateTransformerRateProviders.md +++ b/rate-providers/MarketRateTransformerRateProviders.md 
@@ -119,13 +119,25 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base wstETH + - [base:0xcb1f29103F710A0A562de7f0e9DDE223D0860674](https://basescan.org/address/0xcb1f29103F710A0A562de7f0e9DDE223D0860674#readContract) + - upgradeable component: `StataTokenV2` ([base:0x0830820D1A9aa1554364752d6D8F55C836871B74](https://basescan.org/address/0x0830820D1A9aa1554364752d6D8F55C836871B74)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Oracles - [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). #### Wrapped Aave Base weETH - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x5a7A419C59eAAdec8Dc00bc93ac95612e6e154Cf](https://basescan.org/address/0x5a7A419C59eAAdec8Dc00bc93ac95612e6e154Cf#code) - #### Wrapped Aave Base weETH + #### Wrapped Aave Base wstETH + - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x3b3dd5f913443bb5E70389F29c83F7DCA460CAe1](https://basescan.org/address/0x3b3dd5f913443bb5E70389F29c83F7DCA460CAe1) - [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). diff --git a/rate-providers/registry.json b/rate-providers/registry.json index ac33b27..3f14b5b 100644 
--- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -729,6 +729,13 @@ "summary": "safe", "review": "./statATokenLMRateProvider.md", "warnings": [] + }, + "0xcb1f29103F710A0A562de7f0e9DDE223D0860674": { + "asset": "0x0830820D1A9aa1554364752d6D8F55C836871B74", + "name": "AaveMarketRateTransformer", + "summary": "safe", + "review": "./MarketRateTransformerRateProviders.md", + "warnings": [] } }, "ethereum": { From 109799b8df30d029705ac8ef2af111f37ff0e3d1 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 09:39:52 +0100 Subject: [PATCH 21/29] Wrapped Aave Base cbETH --- erc4626/StatATokenV2Review.md | 6 ++++++ erc4626/registry.json | 7 +++++++ .../MarketRateTransformerRateProviders.md | 13 +++++++++++++ rate-providers/registry.json | 7 +++++++ 4 files changed, 33 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index aac0c38..7a3102a 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md @@ -131,6 +131,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base cbETH - 0x5e8B674127B321DC344c078e58BBACc3f3008962 + - upgradeable component: `StataTokenV2` ([base:0x5e8B674127B321DC344c078e58BBACc3f3008962](https://basescan.org/address/0x5e8B674127B321DC344c078e58BBACc3f3008962#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index acfc2d7..6a185bf 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json 
@@ -34,6 +34,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x5e8B674127B321DC344c078e58BBACc3f3008962": { + "asset": "0x2Ae3F1Ec7F1F5012CFEab0185bfc7aa3cf0DEc22", + "name": "Wrapped Aave Base cbETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/MarketRateTransformerRateProviders.md b/rate-providers/MarketRateTransformerRateProviders.md index e737d13..aa9b594 100644 --- a/rate-providers/MarketRateTransformerRateProviders.md +++ b/rate-providers/MarketRateTransformerRateProviders.md @@ -130,6 +130,17 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base cbETH + - [base:0x940748d30315276362f594ECcCb648A4f9aB7629](https://basescan.org/address/0x940748d30315276362f594ECcCb648A4f9aB7629#readContract) + - upgradeable component: `StataTokenV2` ([base:0x5e8B674127B321DC344c078e58BBACc3f3008962](https://basescan.org/address/0x5e8B674127B321DC344c078e58BBACc3f3008962#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Oracles - [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). 
@@ -138,6 +149,8 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x5a7A419C59eAAdec8Dc00bc93ac95612e6e154Cf](https://basescan.org/address/0x5a7A419C59eAAdec8Dc00bc93ac95612e6e154Cf#code) #### Wrapped Aave Base wstETH - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x3b3dd5f913443bb5E70389F29c83F7DCA460CAe1](https://basescan.org/address/0x3b3dd5f913443bb5E70389F29c83F7DCA460CAe1) + #### Wrapped Aave Base cbETH + - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x3786a6CAAB433f5dfE56503207DF31DF87C5b5C1](https://basescan.org/address/0x3786a6CAAB433f5dfE56503207DF31DF87C5b5C1) - [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 3f14b5b..41e461c 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -736,6 +736,13 @@ "summary": "safe", "review": "./MarketRateTransformerRateProviders.md", "warnings": [] + }, + "0x940748d30315276362f594ECcCb648A4f9aB7629": { + "asset": "0x5e8B674127B321DC344c078e58BBACc3f3008962", + "name": "AaveMarketRateTransformer", + "summary": "safe", + "review": "./MarketRateTransformerRateProviders.md", + "warnings": [] } }, "ethereum": { From 5ab8abe45c714ff5c4c1ad3b0436051bfc8a6e7b Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 09:43:53 +0100 Subject: [PATCH 22/29] Wrapped Aave Base USDbC --- erc4626/StatATokenV2Review.md | 6 ++++++ erc4626/registry.json | 7 +++++++ rate-providers/registry.json | 7 +++++++ rate-providers/statATokenLMRateProvider.md | 10 ++++++++++ 4 files changed, 30 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 7a3102a..6d40c3d 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -137,6 +137,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base USDbC - 0x74D4D1D440c9679b1013999Bd91507eAa2fff651 + - upgradeable component: `StataTokenV2` ([base:0x74D4D1D440c9679b1013999Bd91507eAa2fff651](https://basescan.org/address/0x74D4D1D440c9679b1013999Bd91507eAa2fff651#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index 6a185bf..d02bf0d 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -41,6 +41,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0x74D4D1D440c9679b1013999Bd91507eAa2fff651": { + "asset": "0xd9aAEc86B65D86f6A7B5B1b0c42FFA531710b6CA", + "name": "Wrapped Aave Base USDbC", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 41e461c..08cb706 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -743,6 +743,13 @@ "summary": "safe", "review": "./MarketRateTransformerRateProviders.md", "warnings": [] + }, + "0xBa0Fd0f3B019e8aBA61FEA2ac4Eb56b29F6808c0": { + "asset": "0x74D4D1D440c9679b1013999Bd91507eAa2fff651", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 8f193a9..f1027f5 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md 
@@ -236,6 +236,16 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + - [base:0xBa0Fd0f3B019e8aBA61FEA2ac4Eb56b29F6808c0](https://basescan.org/address/0xBa0Fd0f3B019e8aBA61FEA2ac4Eb56b29F6808c0) + - upgradeable component: `StataTokenV2` ([base:0x74D4D1D440c9679b1013999Bd91507eAa2fff651](https://basescan.org/address/0x74D4D1D440c9679b1013999Bd91507eAa2fff651#code)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + -upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + From f4b0e287413308c74c004681d00f398b92d00555 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 09:47:37 +0100 Subject: [PATCH 23/29] Wrapped Aave Base ezETH --- erc4626/StatATokenV2Review.md | 6 ++++++ erc4626/registry.json | 7 +++++++ .../MarketRateTransformerRateProviders.md | 14 ++++++++++++++ rate-providers/registry.json | 7 +++++++ 4 files changed, 34 insertions(+) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 6d40c3d..915afb8 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -143,6 +143,12 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base ezETH - 0xF8F10f39116716e89498c1c5E94137ADa11b2BC7 + - upgradeable component: `StataTokenV2` ([base:0xF8F10f39116716e89498c1c5E94137ADa11b2BC7](https://basescan.org/address/0xF8F10f39116716e89498c1c5E94137ADa11b2BC7)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Common Manipulation Vectors - [ ] The ERC4626 Vault is susceptible to donation attacks. diff --git a/erc4626/registry.json b/erc4626/registry.json index d02bf0d..dd1f129 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -48,6 +48,13 @@ "summary": "safe", "review": "./StatATokenV2Review.md", "warnings": [] + }, + "0xF8F10f39116716e89498c1c5E94137ADa11b2BC7": { + "asset": "0x2416092f143378750bb29b79eD961ab195CcEea5", + "name": "Wrapped Aave Base ezETH", + "summary": "safe", + "review": "./StatATokenV2Review.md", + "warnings": [] } }, "ethereum": { diff --git a/rate-providers/MarketRateTransformerRateProviders.md b/rate-providers/MarketRateTransformerRateProviders.md index aa9b594..f25e7cc 100644 --- a/rate-providers/MarketRateTransformerRateProviders.md +++ b/rate-providers/MarketRateTransformerRateProviders.md 
@@ -141,6 +141,17 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours. + #### Wrapped Aave Base ezETH + - [base:0xFF4B2CE4131E0Fb6b8A40447B4dF96Bdc83f759a](https://basescan.org/address/0xFF4B2CE4131E0Fb6b8A40447B4dF96Bdc83f759a#readContract) + - upgradeable component: `StataTokenV2` ([base:0xF8F10f39116716e89498c1c5E94137ADa11b2BC7](https://basescan.org/address/0xF8F10f39116716e89498c1c5E94137ADa11b2BC7#readProxyContract)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `L2PoolInstance` ([base:0xA238Dd80C259a72e81d7e4664a9801593F98d1c5](https://basescan.org/address/0xA238Dd80C259a72e81d7e4664a9801593F98d1c5)) + - admin address: [base:0x9390B1735def18560c509E2d0bc090E9d6BA257a](https://basescan.org/address/0x9390B1735def18560c509E2d0bc090E9d6BA257a) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + ### Oracles - [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). 
@@ -151,6 +162,9 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x3b3dd5f913443bb5E70389F29c83F7DCA460CAe1](https://basescan.org/address/0x3b3dd5f913443bb5E70389F29c83F7DCA460CAe1) #### Wrapped Aave Base cbETH - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x3786a6CAAB433f5dfE56503207DF31DF87C5b5C1](https://basescan.org/address/0x3786a6CAAB433f5dfE56503207DF31DF87C5b5C1) + #### Wrapped Aave Base ezETH + - The ERC4626 Vault utilises a Chainlink Rate Provider at [base:0x6ac3b3BeCE5AA61C6AB5d50ecd2D47b1f18ACe49](https://basescan.org/address/0x6ac3b3BeCE5AA61C6AB5d50ecd2D47b1f18ACe49) + - [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). diff --git a/rate-providers/registry.json b/rate-providers/registry.json index 08cb706..bb7abaf 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json @@ -750,6 +750,13 @@ "summary": "safe", "review": "./statATokenLMRateProvider.md", "warnings": [] + }, + "0xFF4B2CE4131E0Fb6b8A40447B4dF96Bdc83f759a": { + "asset": "0xF8F10f39116716e89498c1c5E94137ADa11b2BC7", + "name": "AaveMarketRateTransformer", + "summary": "safe", + "review": "./MarketRateTransformerRateProviders.md", + "warnings": [] } }, "ethereum": { From 6545bccbf4c37677f93dafc0c38d33279039f7a1 Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 09:50:01 +0100 Subject: [PATCH 24/29] registry update --- rate-providers/registry.json | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/rate-providers/registry.json b/rate-providers/registry.json index bb7abaf..c09cabe 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json 
@@ -728,35 +728,45 @@ "name": "ERC4626RateProvider", "summary": "safe", "review": "./statATokenLMRateProvider.md", - "warnings": [] + "warnings": [], + "factory": "", + "upgradeableComponents": [] }, "0xcb1f29103F710A0A562de7f0e9DDE223D0860674": { "asset": "0x0830820D1A9aa1554364752d6D8F55C836871B74", "name": "AaveMarketRateTransformer", "summary": "safe", "review": "./MarketRateTransformerRateProviders.md", - "warnings": [] + "warnings": [], + "factory": "", + "upgradeableComponents": [] }, "0x940748d30315276362f594ECcCb648A4f9aB7629": { "asset": "0x5e8B674127B321DC344c078e58BBACc3f3008962", "name": "AaveMarketRateTransformer", "summary": "safe", "review": "./MarketRateTransformerRateProviders.md", - "warnings": [] + "warnings": [], + "factory": "", + "upgradeableComponents": [] }, "0xBa0Fd0f3B019e8aBA61FEA2ac4Eb56b29F6808c0": { "asset": "0x74D4D1D440c9679b1013999Bd91507eAa2fff651", "name": "ERC4626RateProvider", "summary": "safe", "review": "./statATokenLMRateProvider.md", - "warnings": [] + "warnings": [], + "factory": "", + "upgradeableComponents": [] }, "0xFF4B2CE4131E0Fb6b8A40447B4dF96Bdc83f759a": { "asset": "0xF8F10f39116716e89498c1c5E94137ADa11b2BC7", "name": "AaveMarketRateTransformer", "summary": "safe", "review": "./MarketRateTransformerRateProviders.md", - "warnings": [] + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "ethereum": { From 903b20c4ec7c5b1d8c1b5b94c467f01bfef9c47b Mon Sep 17 00:00:00 2001 From: mkflow27 Date: Tue, 28 Jan 2025 10:47:45 +0100 Subject: [PATCH 25/29] add fork tests --- erc4626/StatATokenV2Review.md | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/erc4626/StatATokenV2Review.md b/erc4626/StatATokenV2Review.md index 915afb8..5670d65 100644 --- a/erc4626/StatATokenV2Review.md +++ b/erc4626/StatATokenV2Review.md 
@@ -14,6 +14,13 @@ - [ethereum:0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9](https://etherscan.io/token/0x0fe906e030a44ef24ca8c7dc7b7c53a6c4f00ce9#readProxyContract) - [ethereum:0x775F661b0bD1739349b9A2A3EF60be277c5d2D29](https://etherscan.io/token/0x775f661b0bd1739349b9a2a3ef60be277c5d2d29#readProxyContract) - [base:0xe298b938631f750DD409fB18227C4a23dCdaab9b](https://basescan.org/address/0xe298b938631f750DD409fB18227C4a23dCdaab9b#code) + - [base:0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b](https://basescan.org/address/0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b#readProxyContract) + - [base:0xC768c589647798a6EE01A91FdE98EF2ed046DBD6](https://basescan.org/address/0xC768c589647798a6EE01A91FdE98EF2ed046DBD6#readProxyContract) + - [base:0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF](https://basescan.org/address/0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF#readProxyContract) + - [base:0x0830820D1A9aa1554364752d6D8F55C836871B74](https://basescan.org/address/0x0830820D1A9aa1554364752d6D8F55C836871B74#readProxyContract) + - [base:0x5e8B674127B321DC344c078e58BBACc3f3008962](https://basescan.org/address/0x5e8B674127B321DC344c078e58BBACc3f3008962#readProxyContract) + - [base:0x74D4D1D440c9679b1013999Bd91507eAa2fff651](https://basescan.org/address/0x74D4D1D440c9679b1013999Bd91507eAa2fff651#readProxyContract) + - [base:0xF8F10f39116716e89498c1c5E94137ADa11b2BC7](https://basescan.org/address/0xF8F10f39116716e89498c1c5E94137ADa11b2BC7#readProxyContract) - Audit report(s): - [StatATokenV2 audits](https://github.com/aave-dao/aave-v3-origin/blob/067d29eb75115179501edc4316d125d9773f7928/audits/11-09-2024_Certora_StataTokenV2.pdf) 
@@ -159,14 +166,22 @@ To save time, we do not bother pointing out low-severity/informational issues or **Summary judgment: USABLE** The outlined ERC4626 Vaults should work well with Balancer pools. Upgradeability is guarded by Aave governance and the Vaults implement the required interfaces with fork tests passing as can be seen here: -- [0x773cda0cade2a3d86e6d4e30699d40bb95174ff2](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/gnosis/ERC4626GnosisAaveGno.t.sol) -- [0x7c16F0185A26Db0AE7a9377f23BC18ea7ce5d644](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveGno.t.sol#L20) -- [0x51350d88c1bd32cc6a79368c9fb70373fb71f375](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveUsdce.t.sol#L20) -- [0x57f664882F762FA37903FC864e2B633D384B411A](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveWeth.t.sol#L17) -- [0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveUsdcV2.t.sol#L20) -- [0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveWeth.t.sol#L20) -- [0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveUsdt2.t.sol#L20) -- [0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveLidoWeth.t.sol#L20) -- 
[0x775F661b0bD1739349b9A2A3EF60be277c5d2D29](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveLidoWstEth.t.sol#L20) +- [gnosis:0x773cda0cade2a3d86e6d4e30699d40bb95174ff2](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/gnosis/ERC4626GnosisAaveGno.t.sol) +- [gnosis:0x7c16F0185A26Db0AE7a9377f23BC18ea7ce5d644](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveGno.t.sol#L20) +- [gnosis:0x51350d88c1bd32cc6a79368c9fb70373fb71f375](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveUsdce.t.sol#L20) +- [gnosis:0x57f664882F762FA37903FC864e2B633D384B411A](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/gnosis/ERC4626GnosisAaveWeth.t.sol#L17) +- [ethereum:0xD4fa2D31b7968E448877f69A96DE69f5de8cD23E](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveUsdcV2.t.sol#L20) +- [ethereum:0x0bfc9d54Fc184518A81162F8fB99c2eACa081202](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveWeth.t.sol#L20) +- [ethereum:0x7Bc3485026Ac48b6cf9BaF0A377477Fff5703Af8](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveUsdt2.t.sol#L20) +- [ethereum:0x0FE906e030a44eF24CA8c7dC7B7c53A6C4F00ce9](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveLidoWeth.t.sol#L20) +- [ethereum:0x775F661b0bD1739349b9A2A3EF60be277c5d2D29](https://github.com/balancer/balancer-v3-erc4626-tests/blob/365ee17e8904f4654990434cc3bbc273478d95ef/test/mainnet/ERC4626MainnetAaveLidoWstEth.t.sol#L20) +- Weth 
[base:0xe298b938631f750DD409fB18227C4a23dCdaab9b](https://github.com/balancer/balancer-v3-erc4626-tests/blob/aave-base/test/base/ERC4626BaseAaveWeth.t.sol) +- weETH [base:0x6acD0a165fD70A84b6b50d955ff3628700bAAf4b](https://github.com/balancer/balancer-v3-erc4626-tests/blob/208e800c185f59d3e57f4f228932af59d0458b29/test/base/ERC4626BaseAaveWeETH.t.sol#L20) +- USDC [base:0xC768c589647798a6EE01A91FdE98EF2ed046DBD6](https://github.com/balancer/balancer-v3-erc4626-tests/blob/208e800c185f59d3e57f4f228932af59d0458b29/test/base/ERC4626BaseAaveUSDC.t.sol#L20) +- cbBTC [base:0xFA2A03b6f4A65fB1Af64f7d935fDBf78693df9aF](https://github.com/balancer/balancer-v3-erc4626-tests/blob/208e800c185f59d3e57f4f228932af59d0458b29/test/base/ERC4626BaseAaveCbBTC.t.sol#L20) +- wstETH [base:0x0830820D1A9aa1554364752d6D8F55C836871B74](https://github.com/balancer/balancer-v3-erc4626-tests/blob/208e800c185f59d3e57f4f228932af59d0458b29/test/base/ERC4626BaseAaveWstETH.t.sol#L20) +- cbETH [base:0x5e8B674127B321DC344c078e58BBACc3f3008962](https://github.com/balancer/balancer-v3-erc4626-tests/blob/208e800c185f59d3e57f4f228932af59d0458b29/test/base/ERC4626BaseAaveCbETH.t.sol#L20) +- USDbC [base:0x74D4D1D440c9679b1013999Bd91507eAa2fff651](https://github.com/balancer/balancer-v3-erc4626-tests/blob/208e800c185f59d3e57f4f228932af59d0458b29/test/base/ERC4626BaseAaveUSDbC.t.sol#L20) +- ezETH [base:0xF8F10f39116716e89498c1c5E94137ADa11b2BC7](https://github.com/balancer/balancer-v3-erc4626-tests/blob/208e800c185f59d3e57f4f228932af59d0458b29/test/base/ERC4626BaseAaveEzETH.t.sol#L20) From 4151990cbb9c4faf4c935dc351535ee2d9536f19 Mon Sep 17 00:00:00 2001 From: franz Date: Tue, 28 Jan 2025 15:07:59 +0100 Subject: [PATCH 26/29] add silo review --- erc4626/SiloV2Review.md | 39 +++++++++++++++++++++++ erc4626/registry.json | 14 ++++++++ rate-providers/SiloWrappedRateprovider.md | 6 ++-- 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 erc4626/SiloV2Review.md 
diff --git a/erc4626/SiloV2Review.md b/erc4626/SiloV2Review.md new file mode 100644 index 0000000..e342b7f --- /dev/null +++ b/erc4626/SiloV2Review.md 
@@ -0,0 +1,39 @@ +# ERC4626 Vault: `Silo V2` + +## Details +- Reviewed by: @franzns +- Checked by: +- Deployed at: + - [sonic:0x52Fc9E0a68b6a4C9b57b9D1d99fB71449A99DCd8](https://sonicscan.org/address/0x52Fc9E0a68b6a4C9b57b9D1d99fB71449A99DCd8#code) + - [sonic:0x87178fe8698C7eDa8aA207083C3d66aEa569aB98](https://sonicscan.org/address/0x87178fe8698C7eDa8aA207083C3d66aEa569aB98#code) +- Audits: + - [Silo V2 audits](https://docs.silo.finance/audits-and-tests) + + +## Context +All Silo V2 markets are ERC4626 vaults be default. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the ERC4626. If any of these is unchecked, the the ERC4626 is unfit to use. + +- [x] Tests based on the [balancer-v3-monorepo](https://github.com/balancer/balancer-v3-monorepo/tree/main/pkg/vault/test/foundry/fork) pass for the given ERC4626 vaults, which can be found [here](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/sonic/ERC4626SonicSiloSolvBtc.t.sol). +- [x] The required Vault implements the required operational ERC4626 Interface + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in ERC4626 contracts. + +If none of these is checked, then this might be a pretty great ERC4626! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a ERC4626 can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the ERC4626. + +### Administrative Privileges +- [ ] The ERC4626 Vault is upgradeable. + +### Common Manipulation Vectors +- [ ] The ERC4626 Vault is susceptible to donation attacks. 
+ +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: USABLE** + +The outlined ERC4626 Vaults should work well with Balancer pools. \ No newline at end of file diff --git a/erc4626/registry.json b/erc4626/registry.json index dd1f129..ab935e5 100644 --- a/erc4626/registry.json +++ b/erc4626/registry.json @@ -222,6 +222,20 @@ "summary": "safe", "review": "./BeefyWrapperReview.md", "warnings": [] + }, + "0x52Fc9E0a68b6a4C9b57b9D1d99fB71449A99DCd8": { + "asset": "0xCC0966D8418d412c599A6421b760a847eB169A8c", + "name": "SiloV2 solvBTC.bbn ID 13", + "summary": "safe", + "review": "./SiloV2Review.md", + "warnings": [] + }, + "0x87178fe8698C7eDa8aA207083C3d66aEa569aB98": { + "asset": "0x541FD749419CA806a8bc7da8ac23D346f2dF8B77", + "name": "SiloV2 solvBTC ID 13", + "summary": "safe", + "review": "./SiloV2Review.md", + "warnings": [] } }, "sepolia": { diff --git a/rate-providers/SiloWrappedRateprovider.md b/rate-providers/SiloWrappedRateprovider.md index 328e9b3..8820c9f 100644 --- a/rate-providers/SiloWrappedRateprovider.md +++ b/rate-providers/SiloWrappedRateprovider.md 
@@ -6,9 +6,11 @@ - Deployed at: - [sonic:0x78557d8a83fe7c6d9f9983d00e5c0e08cc3335e6](https://sonicscan.org/address/0x78557d8a83fe7c6d9f9983d00e5c0e08cc3335e6#code) - [sonic:0x9d2d4351c1b3718d7a65ef21f54c86c665964670](https://sonicscan.org/address/0x9d2d4351c1b3718d7a65ef21f54c86c665964670#code) +- Audits: + - [Silo V2 audits](https://docs.silo.finance/audits-and-tests) ## Context -The ERC4626 RateProvider fetches the rate of Silo Borrow Deposit tokens. The exchange rate is provided by the Aave V3 `POOL` and fetched via `getReserveNormalizedIncome` from the pool and wrapped as part of the `convertToAsset` call to the `StaticATokenLM`. +The ERC4626 Rate Provider fetches the rate of the Silo V2 Market. The rate provider was created using the ERC4626 Rateprovider factory which calls convertToAssets on the ERC4626 to expose the rate. ## Review Checklist: Bare Minimum Compatibility Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. @@ -38,4 +40,4 @@ If none of these is checked, then this might be a pretty great Rate Provider! If ## Conclusion **Summary judgment: SAFE** -The Rate Providers should work well with Balancer pools. The underlying contracts have been audited and been in production for an extended period of time. The upgradeability of the underlying Aave protocol is guarded behind decentralized governance and has a minimum execution delay of 24 hours. +The Rate Providers should work well with Balancer pools. The underlying contracts have been audited. Computation of totalAssets do not rely on `balanceOf()` calls and also their audits do not indicate any risk of a donation attack vector. \ No newline at end of file From 6c9b82eea949482c2b9a2637e1db28477c2b81cb Mon Sep 17 00:00:00 2001 From: franz Date: Tue, 28 Jan 2025 15:17:15 +0100 Subject: [PATCH 27/29] more summary --- erc4626/SiloV2Review.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/erc4626/SiloV2Review.md b/erc4626/SiloV2Review.md index e342b7f..01f3b3e 100644 --- a/erc4626/SiloV2Review.md +++ b/erc4626/SiloV2Review.md @@ -36,4 +36,4 @@ To save time, we do not bother pointing out low-severity/informational issues or ## Conclusion **Summary judgment: USABLE** -The outlined ERC4626 Vaults should work well with Balancer pools. \ No newline at end of file +The outlined ERC4626 Vaults should work well with Balancer pools. The underlying contracts have been audited. Computation of totalAssets do not rely on `balanceOf()` calls and also their audits do not indicate any risk of a donation attack vector. \ No newline at end of file From d04498febd278e8bb439185ea7fe7cff2d59ff74 Mon Sep 17 00:00:00 2001 From: franz Date: Tue, 28 Jan 2025 15:17:39 +0100 Subject: [PATCH 28/29] remove additional --- erc4626/SiloV2Review.md | 1 - 1 file changed, 1 deletion(-) diff --git a/erc4626/SiloV2Review.md b/erc4626/SiloV2Review.md index 01f3b3e..a321875 100644 --- a/erc4626/SiloV2Review.md +++ b/erc4626/SiloV2Review.md @@ -31,7 +31,6 @@ If none of these is checked, then this might be a pretty great ERC4626! If any o - [ ] The ERC4626 Vault is susceptible to donation attacks. ## Additional Findings -To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. ## Conclusion **Summary judgment: USABLE** From a1ee65528eb9c8de237a69c9890f779e8026520b Mon Sep 17 00:00:00 2001 From: franz Date: Tue, 28 Jan 2025 15:41:25 +0100 Subject: [PATCH 29/29] general test url to folder --- erc4626/SiloV2Review.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/erc4626/SiloV2Review.md b/erc4626/SiloV2Review.md index a321875..beb98b5 100644 --- a/erc4626/SiloV2Review.md +++ b/erc4626/SiloV2Review.md 
@@ -16,7 +16,7 @@ All Silo V2 markets are ERC4626 vaults be default. ## Review Checklist: Bare Minimum Compatibility Each of the items below represents an absolute requirement for the ERC4626. If any of these is unchecked, the the ERC4626 is unfit to use. -- [x] Tests based on the [balancer-v3-monorepo](https://github.com/balancer/balancer-v3-monorepo/tree/main/pkg/vault/test/foundry/fork) pass for the given ERC4626 vaults, which can be found [here](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/sonic/ERC4626SonicSiloSolvBtc.t.sol). +- [x] Tests based on the [balancer-v3-monorepo](https://github.com/balancer/balancer-v3-monorepo/tree/main/pkg/vault/test/foundry/fork) pass for the given ERC4626 vaults, which can be found [here](https://github.com/balancer/balancer-v3-erc4626-tests/blob/main/test/sonic/). - [x] The required Vault implements the required operational ERC4626 Interface ## Review Checklist: Common Findings
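Review bot: In the `rate-providers/statATokenLMRateProvider.md` hunk (`@@ -236,6 +236,16 @@`), the added `L2PoolInstance` entry begins with `-upgradeable component:` with no space after the dash, so Markdown will not parse it as a list item. Write it as `- upgradeable component: ...`, matching the `StataTokenV2` entry directly above it and the equivalent `L2PoolInstance` line added to `MarketRateTransformerRateProviders.md` in PATCH 23/29.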
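Review bot: In PATCH 24/29 (`rate-providers/registry.json`, `@@ -728,35 +728,45 @@`), every touched entry gets `"upgradeableComponents": []`, which contradicts the review files these entries point to. For `0xBa0Fd0f3B019e8aBA61FEA2ac4Eb56b29F6808c0` and `0xFF4B2CE4131E0Fb6b8A40447B4dF96Bdc83f759a` the reviews added earlier in this series list `StataTokenV2` and `L2PoolInstance` as upgradeable components under admin `0x9390B1735def18560c509E2d0bc090E9d6BA257a`. An empty array reads as "nothing upgradeable" to any consumer of the registry, so either populate the field from the review in this commit or leave the key out until the data is filled in. The same applies to `"factory": ""`: an empty string cannot be told apart from "not deployed by a factory".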
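Review bot: In PATCH 25/29 (`erc4626/StatATokenV2Review.md`, `@@ -159,14 +166,22 @@`), the new `Weth` entry for `base:0xe298b938631f750DD409fB18227C4a23dCdaab9b` links to `blob/aave-base/test/base/ERC4626BaseAaveWeth.t.sol`, a branch ref, while the other seven Base entries are pinned to commit `208e800c185f59d3e57f4f228932af59d0458b29` with a `#L20` anchor. A branch link can move or disappear once the branch is merged or deleted, so the evidence behind the "fork tests passing" claim is not reproducible; pin it to a commit like the rest. Two smaller points: the Base entries carry an asset label in front of the link and the gnosis and ethereum entries do not, and `Weth` is cased differently from `weETH`, `wstETH` and `cbETH`.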
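Review bot: In PATCH 26/29, the new `erc4626/SiloV2Review.md` (`@@ -0,0 +1,39 @@`) leaves `- Checked by:` empty, yet the same commit registers both Silo vaults in `erc4626/registry.json` with `"summary": "safe"`. Either name the second reviewer before merging or hold the registry entries back until the check is done. The file also has two typos that are still present as context in PATCH 29/29: "vaults be default" should be "by default", and "the the ERC4626 is unfit to use" has a doubled article.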
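Review bot: In PATCH 26/29, the `rate-providers/SiloWrappedRateprovider.md` Context hunk (`@@ -6,9 +6,11 @@`) says the rate provider "was created using the ERC4626 Rateprovider factory" but gives no factory address or link, so a reader cannot confirm that the two deployed addresses are factory instances. Add the factory address in the same `sonic:0x...` link form used under "Deployed at", and put `convertToAssets` in backticks to match the other identifiers in the file.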
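Review bot: In PATCH 26/29, the Conclusion hunk of `rate-providers/SiloWrappedRateprovider.md` (`@@ -38,4 +40,4 @@`) replaces the upgradeability and timelock statement with "Computation of totalAssets do not rely on `balanceOf()` calls", which is the sole basis for the SAFE judgment but points to no contract, function or audit finding. Link the `totalAssets` implementation that was read and the specific audit report, not just the general audits page listed under Details. Grammar: "do not rely" should be "does not rely". The identical sentence is added to `erc4626/SiloV2Review.md` in PATCH 27/29 and needs the same fix, and both hunks leave the file without a trailing newline.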
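Review bot: In PATCH 28/29 (`erc4626/SiloV2Review.md`, `@@ -31,7 +31,6 @@`), removing the sentence under `## Additional Findings` leaves an empty heading directly above `## Conclusion`. A reader cannot tell whether nothing was found or the section was never filled in. Either drop the heading or state explicitly that there are no high- or medium-severity findings.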