From 8a07b8f8edd25da0ae2673f0cfd381e5ac3a03d7 Mon Sep 17 00:00:00 2001
From: franz
Date: Thu, 6 Mar 2025 13:09:21 +0100
Subject: [PATCH 1/3] add wanS rateprovider
---
 rate-providers/registry.json | 14 +++++
 rate-providers/wanSonicRateprovider copy.md | 62 +++++++++++++++++++++
 2 files changed, 76 insertions(+)
 create mode 100644 rate-providers/wanSonicRateprovider copy.md
diff --git a/rate-providers/registry.json b/rate-providers/registry.json
index 42ea6b0b..93ec907c 100644
--- a/rate-providers/registry.json
+++ b/rate-providers/registry.json
@@ -3500,6 +3500,20 @@
 }
 ]
 },
+ "0x2d087c0999223997b77cc33be5e7e8ec79396cea": {
+ "asset": "0x0C4E186Eae8aCAA7F7de1315D5AD174BE39Ec987",
+ "name": "Wrapped Angles Sonic Rateprovider",
+ "summary": "safe",
+ "review": "./wanSonicRateprovider.md",
+ "warnings": [""],
+ "factory": "0x00de97829d01815346e58372be55aefd84ca2457",
+ "upgradeableComponents": [
+ {
+ "entrypoint": "0xfA85Fe5A8F5560e9039C04f2b0a90dE1415aBD70",
+ "implementationReviewed": "0xba3bb17d19e556900e42e7c1e9e89dc6d3207a64"
+ }
+ ]
+ },
 "0xECDfaa456a01c9804Fc8D11955CF4B54E0eA2Bd7": {
 "asset": "0x50c42deacd8fc9773493ed674b675be577f2634b",
 "name": "ConstantRateProvider",
diff --git a/rate-providers/wanSonicRateprovider copy.md b/rate-providers/wanSonicRateprovider copy.md
new file mode 100644
index 00000000..27a50e8a
--- /dev/null
+++ b/rate-providers/wanSonicRateprovider copy.md
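Review bot: The new registry entry sets `"warnings": [""]`, yet the review file added in the same patch ticks "The Rate Provider is susceptible to donation attacks" for this provider, so anything that reads only registry.json sees a `safe` summary with no warning attached. Replace the empty-string placeholder with the tag the registry uses for donation-susceptible providers (for example `"warnings": ["donation"]`, if that is the value other entries carry). An array holding one empty string is also not an empty array, which matters to any consumer that counts or renders warnings. The review also states that both wanS and anS are upgradeable behind the same timelock, but `upgradeableComponents` lists only the wanS entrypoint `0xfA85Fe5A8F5560e9039C04f2b0a90dE1415aBD70`. Consider adding anS (`0x0C4E186Eae8aCAA7F7de1315D5AD174BE39Ec987`) with its reviewed implementation address, so that an implementation change on either contract is flagged.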
@@ -0,0 +1,62 @@
+# Rate Provider: `ERC4626RateProvider`
+
+## Details
+- Reviewed by: @franzns
+- Checked by:
+- Deployed at:
+ - [sonic:0x2d087c0999223997b77cc33be5e7e8ec79396cea](https://sonicscan.org/address/0x2d087c0999223997b77cc33be5e7e8ec79396cea#code)
+- Audits:
+ - [Fork of Origin Eth](https://docs.originprotocol.com/security-and-risk/audits) (same code as Origin S)
+ - [Angles Audit](https://angles.gitbook.io/angles/audits)
+
+
+## Context
+ The rate provider was created using the ERC4626 Rateprovider factory which calls convertToAssets on the wOS ERC4626 contract to expose the rate. The rate of the ERC4626 is calculated by `(supply == 0) ? (shares * 10**_asset.decimals()) / 10**decimals() : (shares * totalAssets()) / supply`.
+
+## Review Checklist: Bare Minimum Compatibility
+Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use.
+
+- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface.
+- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals.
+
+## Review Checklist: Common Findings
+Each of the items below represents a common red flag found in Rate Provider contracts.
+
+If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider.
+
+### Administrative Privileges
+- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address).
+
+- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price).
+ - Both [wanS](https://sonicscan.org/address/0xfA85Fe5A8F5560e9039C04f2b0a90dE1415aBD70) and [anS](https://sonicscan.org/address/0x0C4E186Eae8aCAA7F7de1315D5AD174BE39Ec987) are upgradable:
+ - admin address: [sonic:0xE14e14CC32b939957742d7586E9DEBC9631282e7](https://sonicscan.org/address/0xE14e14CC32b939957742d7586E9DEBC9631282e7)
+ - admin type: Timelock (48 hrs) / 7e431e5ff0ee4cad26347c0674afa9c30502b535
+ - Timelock proposer/executor: 3/4 Multisig [sonic:7e431e5ff0ee4cad26347c0674afa9c30502b535](https://sonicscan.org/address/7e431e5ff0ee4cad26347c0674afa9c30502b535)
+
+
+
+### Oracles
+- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes).
+
+- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price).
+
+### Common Manipulation Vectors
+- [x] The Rate Provider is susceptible to donation attacks.
+ - comment: The ERC4626 uses `balancerOf(address(this))` to calculate `totalAssets()` which is used in the `converToAssets` call and therefore in the `getRate` calculation.
+
+ ```solidity
+ /** @dev See {IERC4626-totalAssets}. */
+ function totalAssets() public view virtual override returns (uint256) {
+ return _asset.balanceOf(address(this));
+ }
+ ```
+
+ The underlying balance can be inflated by donating underlying assets to the wrapped asset.
+
+## Additional Finding
+
+
+## Conclusion
+**Summary judgment: SAFE**
+
+Overall this Rate Provider should work well in pool operations with Balancer pools.
From b0cd73dac527aa5c433abbab92d2159a5cad20ad Mon Sep 17 00:00:00 2001
From: franz
Date: Thu, 6 Mar 2025 13:17:17 +0100
Subject: [PATCH 2/3] fix name
---
 .../{wanSonicRateprovider copy.md => wanSonicRateprovider.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename rate-providers/{wanSonicRateprovider copy.md => wanSonicRateprovider.md} (100%)
diff --git a/rate-providers/wanSonicRateprovider copy.md b/rate-providers/wanSonicRateprovider.md
similarity index 100%
rename from rate-providers/wanSonicRateprovider copy.md
rename to rate-providers/wanSonicRateprovider.md
From 719f6609061729356b24d60eac9fa0d9dc3bc56b Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 28 Mar 2025 09:35:27 +0100
Subject: [PATCH 3/3] add checked by
---
 rate-providers/wanSonicRateprovider.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rate-providers/wanSonicRateprovider.md b/rate-providers/wanSonicRateprovider.md
index 27a50e8a..6bae8907 100644
--- a/rate-providers/wanSonicRateprovider.md
+++ b/rate-providers/wanSonicRateprovider.md
@@ -2,7 +2,7 @@
 
 ## Details
 - Reviewed by: @franzns
-- Checked by:
+- Checked by: @danielmkm
 - Deployed at:
 - [sonic:0x2d087c0999223997b77cc33be5e7e8ec79396cea](https://sonicscan.org/address/0x2d087c0999223997b77cc33be5e7e8ec79396cea#code)
 - Audits: