diff --git a/rate-providers/MellowRateProviders.md b/rate-providers/MellowRateProviders.md index 3110c5c..5e0f99b 100644 --- a/rate-providers/MellowRateProviders.md +++ b/rate-providers/MellowRateProviders.md @@ -8,6 +8,8 @@ - [ethereum:0x9D09c1E832102A23215e27E85B37b139aEe95Ff4](https://etherscan.io/address/0x9D09c1E832102A23215e27E85B37b139aEe95Ff4#code) - [ethereum:0x6984F8E8ce474B69A2F32bE7dEc4d003d644B4B7](https://etherscan.io/address/0x6984F8E8ce474B69A2F32bE7dEc4d003d644B4B7#code) - [ethereum:0x3A2228C7B3Bc3A32AEa9338d0A890A5EbD7bc977](https://etherscan.io/address/0x3A2228C7B3Bc3A32AEa9338d0A890A5EbD7bc977#code) + - [ethereum:0x34406A8Ee75B5af34F8920D1960AC6a5B33A47b6](https://etherscan.io/address/0x34406A8Ee75B5af34F8920D1960AC6a5B33A47b6#readContract) + - [ethereum:0x2A2f1b8c02Dafc5359B8E0e8BFc138400CB6d3a1](https://etherscan.io/address/0x2A2f1b8c02Dafc5359B8E0e8BFc138400CB6d3a1#readContract) - Audit report(s): - [Mellow LRT audits](https://docs.mellow.finance/mellow-lrt-primitive/audits) 
@@ -53,6 +55,22 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: multisig - multisig threshold/signers: 5/8 - comment: The `ADMIN_ROLE`has the capability to add new Tvl modules, which are target of an external call. An rogue `ADMIN_ROLE`could add malicious modules potentially inflating the the price. This functionality currently resides within: [ethereum:0x9437B2a8cF3b69D782a61f9814baAbc172f72003](https://etherscan.io/address/0x9437B2a8cF3b69D782a61f9814baAbc172f72003#code) + #### Renzo Restaked LST (pzETH) + - upgradeable component: `Vault` ([ethereum:0x8c9532a60E0E7C6BbD2B2c1303F63aCE1c3E9811](https://etherscan.io/address/0x8c9532a60e0e7c6bbd2b2c1303f63ace1c3e9811#readProxyContract)) + - admin address: [ethereum:0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0](https://etherscan.io/address/0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0) + - admin type: multisig + - multisig threshold/signers: 5/8 + - comment: The `ADMIN_ROLE`has the capability to add new Tvl modules, which are target of an external call. An rogue `ADMIN_ROLE`could add malicious modules potentially inflating the the price. This functionality currently resides within: [ethereum:0x9437B2a8cF3b69D782a61f9814baAbc172f72003](https://etherscan.io/address/0x9437B2a8cF3b69D782a61f9814baAbc172f72003#code) + #### InfStones Restaked ETH (ifsETH) + - upgradeable component: `Vault` ([ethereum:]()) + - admin address: [ethereum:0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0](https://etherscan.io/address/0x81698f87C6482bF1ce9bFcfC0F103C4A0Adf0Af0) + - admin type: multisig + - multisig threshold/signers: 5/8 + - comment: The `ADMIN_ROLE`has the capability to add new Tvl modules, which are target of an external call. An rogue `ADMIN_ROLE`could add malicious modules potentially inflating the the price. 
This functionality currently resides within: [ethereum:0x9437B2a8cF3b69D782a61f9814baAbc172f72003](https://etherscan.io/address/0x9437B2a8cF3b69D782a61f9814baAbc172f72003) + + + + ### Oracles @@ -77,6 +95,13 @@ If none of these is checked, then this might be a pretty great Rate Provider! If decimals = IAggregatorV3(data.aggregatorV3).decimals(); } ``` + - Additionally the address of the `priceOracle` in this case ChainLink is upgradeable within the (`VaultConfigurator`)[https://etherscan.io/address/0xb1B912Be63a2DC4ECf5a6BFAd46780dD7F81022b#code] contract. In order to change this address the admin ROLE of the `Vault`can call `stagePriceOracle` and start the process of adding a new price oracle. + ```solidity + function stagePriceOracle(address oracle) external onlyAdmin nonReentrant { + if (oracle == address(0)) revert AddressZero(); + _stage(_priceOracle, uint160(oracle)); + } + ``` - [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). ### Common Manipulation Vectors diff --git a/rate-providers/StakewiseOsTokenRateProviders.md b/rate-providers/StakewiseOsTokenRateProviders.md new file mode 100644 index 0000000..704a248 --- /dev/null +++ b/rate-providers/StakewiseOsTokenRateProviders.md 
@@ -0,0 +1,116 @@ +# Rate Provider: `PriceFeed` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [gnosis:0x9B1b13afA6a57e54C03AD0428a4766C39707D272](https://gnosisscan.io/address/0x9b1b13afa6a57e54c03ad0428a4766c39707d272#readContract) +- Audit report(s): + - [audits](https://github.com/stakewise/v3-core/tree/main/audits) + +## Context +The osGNO rate provider reports the rate of osGNO - GNO. osGNO is a yield bearing token accruing yield from validating the gnosis chain. The rate is calculated by dividing total assets over total shares. osGNO can be minted via several Vault contracts (which are created from a factory contract). osGNO however is not the Vault's share token but a separate token minted by the `OsTokenVaultController`. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. 
+ +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `GnoVault` (too many as they are created from a factory) + - admin address: [gnosis:0x8737f638E9af54e89ed9E1234dbC68B115CD169e](https://gnosisscan.io/address/0x8737f638E9af54e89ed9E1234dbC68B115CD169e#readProxyContract) (This is the address allowed to add new implementations to the registry) + - admin type: 4/7 Multisig + - context: Every `GnoVault` (see [Stakewise app](https://app.stakewise.io/vaults)) is an ERC1969 Proxy contract with upgradeability. The account allowed to upgrade the vault is the vault's creator as he called `createVault`. Every vault has the capability to get `osGNO` minted by calling into the `OsTokenVaultController` deployed [here](https://gnosisscan.io/address/0x60B2053d7f2a0bBa70fe6CDd88FB47b579B9179a#code) and the crucial check if a specified amount of `osTokenShares` a vault can mint is done in the vault contract. This is important as the ratio of total assets over total shares is relevant for the return of `getRate`. + ```solidity + // calculate and validate LTV + if (_calcMaxOsTokenShares(convertToAssets(_balances[msg.sender])) < position.shares) { + revert Errors.LowLtv(); + } + ``` + Since the upgrade of a vault could remove this check (and `osGNO`) could be minted more easily the Vault's upgradeability system needs to be take care of this scenario (since everyone can create a vault). 
Upgrading a vault works like + ```solidity + function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy { + _authorizeUpgrade(newImplementation); + _upgradeToAndCallUUPS(newImplementation, data); + } + ``` + and the authorization checks are done via + ```solidity + /// @inheritdoc UUPSUpgradeable + function _authorizeUpgrade(address newImplementation) internal view override { + _checkAdmin(); + if ( + newImplementation == address(0) || + ERC1967Utils.getImplementation() == newImplementation || // cannot reinit the same implementation + IVaultVersion(newImplementation).vaultId() != vaultId() || // vault must be of the same type + IVaultVersion(newImplementation).version() != version() + 1 || // vault cannot skip versions between + !IVaultsRegistry(_vaultsRegistry).vaultImpls(newImplementation) // new implementation must be registered + ) { + revert Errors.UpgradeFailed(); + } + } + ``` + The `_vaultsRegistry` deployed [here](https://gnosisscan.io/address/0x7d014B3C6ee446563d4e0cB6fBD8C3D0419867cB) acts as the key guardrail of what implementations the vaults can be upgraded to. The addition of new vault implementations is guarded behind an `onlyOwner` modifier. + ```solidity + /// @inheritdoc IVaultsRegistry + function addVaultImpl(address newImpl) external override onlyOwner { + if (vaultImpls[newImpl]) revert Errors.AlreadyAdded(); + vaultImpls[newImpl] = true; + emit VaultImplAdded(newImpl); + } + ``` + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: A `Keeper` contract + - source address: [gnosis:0xcAC0e3E35d3BA271cd2aaBE688ac9DB1898C26aa](https://vscode.blockscan.com/gnosis/0xcAC0e3E35d3BA271cd2aaBE688ac9DB1898C26aa) + - any protections? Yes: Part of the `getRate` return value is the calculation of unclaimed assets, based on a `avgRewardPerSecond` state variable, which can be set by the mentioned `Keeper`. 
The calculation of `totalAssets()` uses `_unclaimedAssets()` via: + ```solidity + /// @inheritdoc IOsTokenVaultController + function totalAssets() public view override returns (uint256) { + uint256 profitAccrued = _unclaimedAssets(); + if (profitAccrued == 0) return _totalAssets; + + uint256 treasuryAssets = Math.mulDiv(profitAccrued, feePercent, _maxFeePercent); + return _totalAssets + profitAccrued - treasuryAssets; + } + /** + * @dev Internal function for calculating assets accumulated since last update + */ + function _unclaimedAssets() internal view returns (uint256) { + // calculate time passed since the last update + uint256 timeElapsed; + unchecked { + // cannot realistically underflow + timeElapsed = block.timestamp - _lastUpdateTimestamp; + } + if (timeElapsed == 0) return 0; + return Math.mulDiv(avgRewardPerSecond * _totalAssets, timeElapsed, _wad); + } + ``` + As part of the keepers `updateRewards` function, the `avgRewardsPerSecond` is updated in the controller contract. The function `updateRewards` called on the [keeper](https://vscode.blockscan.com/gnosis/0xcAC0e3E35d3BA271cd2aaBE688ac9DB1898C26aa) has checks, which include: + - signature verification + - check if provided rewards per second are below the max avg reward per second. + - Updating state to reset `elapsedTime` + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. 
The upgradeability of the vault system is guarded behind only allowing valid implementations managed by the Stakewise team. Additionally the oracle functionality of the keeper has validity checks implemented reducing the risk the oracle poses for the rate calculation. \ No newline at end of file diff --git a/rate-providers/YieldNestRateProvider.md b/rate-providers/YieldNestRateProvider.md new file mode 100644 index 0000000..ffe368c --- /dev/null +++ b/rate-providers/YieldNestRateProvider.md 
@@ -0,0 +1,64 @@ +# Rate Provider: `ynViewer` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [ethereum:0xF0207Ffa0b793E009DF9Df62fEE95B8FC6c93EcF](https://etherscan.io/address/0xf0207ffa0b793e009df9df62fee95b8fc6c93ecf#readProxyContract) +- Audit report(s): + - [YieldNestProtocol](https://docs.yieldnest.finance/security/audits) + +## Context +ynETH is an nLRT that exposes users to a dynamically curated Basket comprising AVSs across multiple industry verticals. The YieldNest DAO carefully selects and fully vets all of the operators and AVS within ynETH’s Basket to deliver an nLRT with the highest possible risk-adjusted yield. +Restakers deposit ETH into YieldNest’s restaking pool and receive ynETH back as a tradable and liquid “receipt” token representing the underlying yield-generating restaked ETH. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. 
+ +### Administrative Privileges +- [x] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + - admin address: [ethereum:0xfcad670592a3b24869C0b51a6c6FDED4F95D6975](https://etherscan.io/address/0xfcad670592a3b24869C0b51a6c6FDED4F95D6975) + - admin type: multisig + - multisig threshold/signers: 3/5 + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `ynETH` ([ethereum:0x09db87A538BD693E9d08544577d5cCfAA6373A48](https://etherscan.io/address/0x09db87A538BD693E9d08544577d5cCfAA6373A48#readProxyContract)) + - admin address: [ethereum:0xfcad670592a3b24869C0b51a6c6FDED4F95D6975](https://etherscan.io/address/0xfcad670592a3b24869C0b51a6c6FDED4F95D6975) + - admin type: multisig + - multisig threshold/signers: 3/5 + + - upgradeable component: `StakingNodesManager` ([ethereum:0x8C33A1d6d062dB7b51f79702355771d44359cD7d](https://etherscan.io/address/0x8C33A1d6d062dB7b51f79702355771d44359cD7d)) + - admin address: [ethereum:0xfcad670592a3b24869C0b51a6c6FDED4F95D6975](https://etherscan.io/address/0xfcad670592a3b24869C0b51a6c6FDED4F95D6975) + - admin type: multisig + - multisig threshold/signers: 3/5 + + - upgradeable component: `StakingNode` ([ethereum:0x144dA5E59228E9C558B8F692Dde6c48f890D0d96](https://etherscan.io/address/0x144dA5E59228E9C558B8F692Dde6c48f890D0d96#code)) + - admin address: [ethereum:0xfcad670592a3b24869C0b51a6c6FDED4F95D6975](https://etherscan.io/address/0xfcad670592a3b24869C0b51a6c6FDED4F95D6975) + - admin type: multisig + - multisig threshold/signers: 3/5 + - comment: The rate calculations are based on iterating over a set of staking nodes. Each staking node is a Beacon based proxy contract. + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). 
+ +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. Upgradeability mechanisms are properly guarded behind a multisig. This rate provider uses a total assets / total supply approach to calculate the rate. diff --git a/rate-providers/cdcEthRateProvider.md b/rate-providers/cdcEthRateProvider.md new file mode 100644 index 0000000..10072fd --- /dev/null +++ b/rate-providers/cdcEthRateProvider.md 
@@ -0,0 +1,71 @@ +# Rate Provider: `CDCETHBalancerRateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [ethereum:0x3f032432f239d86D36ccF01Fb0c86399a33BD004](https://etherscan.io/address/0x3f032432f239d86d36ccf01fb0c86399a33bd004) +- Audit report(s): + - [Wrapped Token contract audits](https://crypto.com/document/blocksec_securityaudit2024) + +## Context +CDCETH provides an instant, efficient, and liquid way of participating in the Proof-of-Stake consensus mechanism on +Ethereum and maintaining the integrity of the network. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). 
+ +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `LiquidETHV1` ([ethereum:0xfe18aE03741a5b84e39C295Ac9C856eD7991C38e](https://etherscan.io/address/0xfe18ae03741a5b84e39c295ac9c856ed7991c38e#readProxyContract)) + - admin address: [ethereum:0x328a6715c5C0b4bc2b35FA2320b45605aB7b18bc](https://etherscan.io/address/0x328a6715c5c0b4bc2b35fa2320b45605ab7b18bc) + - admin type: EOA + - comment: + - Q: Could they confirm if this EOA is allowed to upgrade cdcETH? https://etherscan.io/address/0x328a6715c5c0b4bc2b35fa2320b45605ab7b18bc + - A: Yes, this EOA can upgrade the contract. + EOA is using MPC hence externally it can't be seen as controlled by multiple parties. We use institutional grade MPC wallet solution and we view this as more secure than multisig + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: Custom Oracle + - source address: [ethereum:0x59B0189D1e5556c97637c505919518Bf25DF0Fc8](https://etherscan.io/address/0x59B0189D1e5556c97637c505919518Bf25DF0Fc8) + - any protections? YES: There is one check done on the rate being pushed which is that the rate must be greater than 0. + ```solidity + function updateExchangeRate(uint256 newExchangeRate) external onlyOracle { + require( + newExchangeRate > 0, + "LiquidETHV1: new exchange rate cannot be 0" + ); + bytes32 position = _EXCHANGE_RATE_POSITION; + assembly { + sstore(position, newExchangeRate) + } + emit ExchangeRateUpdated(msg.sender, newExchangeRate); + } + ``` + - comment: + - Q: What checks they do on the exchangeRate they push to storage of cdcETH? This is an EOA https://etherscan.io/address/0x59B0189D1e5556c97637c505919518Bf25DF0Fc8 that is pushing data and I cannot see any checks on the data they push? + - A: The checks are built off-chain on our backend. 
We have set up %thresholds to check ETH reward distributed/accrued to CDCETH for the upcoming reward distribution cycle vs. the average of the previous 4. We get alerts and reward distribution requires an extra manual check if it exceeds the %threshold. This would prevent us from publishing the wrong exchangeRate on-chain. + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. Special note should be taken for the upgradeability of the `LiquidETHV1` as the proclaimed security of the EOA cannot be verified onchain as well as the checks for the rate being pushed by the oracle. Read the section on upgradeability & oracles for more information. diff --git a/rate-providers/registry.json b/rate-providers/registry.json index bc032fb..ca12e8e 100644 --- a/rate-providers/registry.json +++ b/rate-providers/registry.json 
@@ -366,6 +366,56 @@ "implementationReviewed": "0x9093939b9bdc5322d6e2b37b62867d744c98e874" } ] + }, + "0xf7ec24690fBCEc489E7C9A7055C04Db5C221c397": { + "asset": "0xbC404429558292eE2D769E57d57D6E74bbd2792d", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./sUSXRateProvider.md", + "warnings": [], + "factory": "0xe548a29631f9E49830bE8edc22d407b2D2915F31", + "upgradeableComponents": [ + { + "entrypoint": "0xbC404429558292eE2D769E57d57D6E74bbd2792d", + "implementationReviewed": "0x339B34965bD3A61025eEA3D5FDcADf75756cc0Db" + } + ] + }, + "0x177862A0242acD8b5F9cc757a963c1C8883da45E": { + "asset": "0xD9FBA68D89178e3538e708939332c79efC540179", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xD9FBA68D89178e3538e708939332c79efC540179", + "implementationReviewed": "0x9Bf9df78b1f7c76a473588c41321B5059b62981e" + }, + { + "entrypoint": "0x794a61358D6845594F94dc1DB02A252b5b4814aD", + "implementationReviewed": "0x6C6c6857e2F32fcCBDb2791597350Aa034a3ce47" + } + ] + }, + "0x183Ac1bCC538aa9729350f8a9C6357a268e1Bd03": { + "asset": "0x89AEc2023f89E26Dbb7eaa7a98fe3996f9d112A8", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./statATokenLMRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x89AEc2023f89E26Dbb7eaa7a98fe3996f9d112A8", + "implementationReviewed": "0x9Bf9df78b1f7c76a473588c41321B5059b62981e" + }, + { + "entrypoint": "0x794a61358D6845594F94dc1DB02A252b5b4814aD", + "implementationReviewed": "0x6C6c6857e2F32fcCBDb2791597350Aa034a3ce47" + } + ] } }, "avalanche": { 
@@ -528,15 +578,6 @@ "warnings": ["legacy"], "factory": "", "upgradeableComponents": [] - }, - "0xe1b1e024f4Bc01Bdde23e891E081b76a1A914ddd": { - "asset": "0xd95ca61CE9aAF2143E81Ef5462C0c2325172E028", - "name": "wUSD+ Overnight Rate Provider", - "summary": "safe", - "review": "./LegacyReview.md", - "warnings": ["legacy"], - "factory": "", - "upgradeableComponents": [] } }, "ethereum": { @@ -1117,6 +1158,15 @@ } ] }, + "0x3f032432f239d86D36ccF01Fb0c86399a33BD004": { + "asset": "0xfe18aE03741a5b84e39C295Ac9C856eD7991C38e", + "name": "CDCETHBalancerRateProvider", + "summary": "safe", + "review": "./cdcEthRateProvider.md", + "warnings": ["eoaUpgradeable"], + "factory": "", + "upgradeableComponents": [] + }, "0x20EDB9299Ae83D9f22bE16279a4A2B422F34d020": { "asset": "0xBEEF69Ac7870777598A04B2bd4771c71212E6aBc", "name": "VaultRateOracle", 
@@ -1173,6 +1223,114 @@ } ] }, + "0x34406A8Ee75B5af34F8920D1960AC6a5B33A47b6": { + "asset": "0x8c9532a60E0E7C6BbD2B2c1303F63aCE1c3E9811", + "name": "VaultRateOracle", + "summary": "safe", + "review": "./MellowRateProviders.md", + "warnings": ["donation"], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x8c9532a60E0E7C6BbD2B2c1303F63aCE1c3E9811", + "implementationReviewed": "0xaf108ae0AD8700ac41346aCb620e828c03BB8848" + }, + { + "entrypoint": "0x9C49a829F1D726679cB505439BbF3ed018A7e9c6", + "implementationReviewed": "0x9C49a829F1D726679cB505439BbF3ed018A7e9c6" + } + ] + }, + "0x2A2f1b8c02Dafc5359B8E0e8BFc138400CB6d3a1": { + "asset": "0x49cd586dd9BA227Be9654C735A659a1dB08232a9", + "name": "VaultRateOracle", + "summary": "safe", + "review": "./MellowRateProviders.md", + "warnings": ["donation"], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x49cd586dd9BA227Be9654C735A659a1dB08232a9", + "implementationReviewed": "0xaf108ae0AD8700ac41346aCb620e828c03BB8848" + }, + { + "entrypoint": "0x9C49a829F1D726679cB505439BbF3ed018A7e9c6", + "implementationReviewed": "0x9C49a829F1D726679cB505439BbF3ed018A7e9c6" + } + ] + }, + "0xEd29fBe335A0602Bf100825b533B12133FE523A3": { + "asset": "0x68749665FF8D2d112Fa859AA293F07A622782F38", + "name": "XAUt Tether Gold Rate Provider", + "summary": "safe", + "review": "./ChainLinkRateProvider.md", + "warnings": ["chainlink"], + "factory": "0x1311Fbc9F60359639174c1e7cC2032DbDb5Cc4d1", + "upgradeableComponents": [] + }, + "0xc497F11326c3DE5086710EDa43354697b32c1541": { + "asset": "0xbC404429558292eE2D769E57d57D6E74bbd2792d", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./sUSXRateProvider.md", + "warnings": [], + "factory": "0xFC541f8d8c5e907E236C8931F0Df9F58e0C259Ec", + "upgradeableComponents": [ + { + "entrypoint": "0xbC404429558292eE2D769E57d57D6E74bbd2792d", + "implementationReviewed": "0xC80aD49191113d31fe52427c01A197106ef5EB5b" + } + ] + }, + 
"0xF0207Ffa0b793E009DF9Df62fEE95B8FC6c93EcF": { + "asset": "0x09db87A538BD693E9d08544577d5cCfAA6373A48", + "name": "ynViewer", + "summary": "safe", + "review": "./YieldNestRateProvider.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0xF0207Ffa0b793E009DF9Df62fEE95B8FC6c93EcF", + "implementationReviewed": "0x0365a6eF790e05EEe386B57326e5Ceaf5B10899e" + }, + { + "entrypoint": "0x09db87A538BD693E9d08544577d5cCfAA6373A48", + "implementationReviewed": "0x14dc3d915107dca9ed39e29e14fbdfe4358a1346" + }, + { + "entrypoint": "0x8C33A1d6d062dB7b51f79702355771d44359cD7d", + "implementationReviewed": "0xabd3a755e4eef24f862c268d21fd5235904cc811" + }, + { + "entrypoint": "0x144dA5E59228E9C558B8F692Dde6c48f890D0d96", + "implementationReviewed": "0xF8A37F34a427611C4c54F82bF43230FA041d237B" + } + ] + }, + "0x414aB7081D3C2d0BA75703A465744DF99c9f9B22": { + "asset": "0x5C5b196aBE0d54485975D1Ec29617D42D9198326", + "name": "ERC4626RateProvider", + "summary": "safe", + "review": "./sdeUSDRateProvider.md", + "warnings": ["donation"], + "factory": "0xFC541f8d8c5e907E236C8931F0Df9F58e0C259Ec", + "upgradeableComponents": [ + { + "entrypoint": "0x5C5b196aBE0d54485975D1Ec29617D42D9198326", + "implementationReviewed": "0x2DA7E2D2C22338874A421BFbb76278f0a64Df746" + } + ] + }, + "0x748d749c6Cd0cCA8f53F66A3A0D75a91E2978d65": { + "asset": "0x583019fF0f430721aDa9cfb4fac8F06cA104d0B4", + "name": "styETHRateProvider", + "summary": "safe", + "review": "./st-yETHRateProvider.md", + "warnings": ["donation"], + "factory": "", + "upgradeableComponents": [] + }, "0x47657094e3AF11c47d5eF4D3598A1536B394EEc4": { "asset": "0x47657094e3AF11c47d5eF4D3598A1536B394EEc4", "name": "UltraLRT", @@ -1270,7 +1428,6 @@ } ] } - }, "gnosis": { "0x89C80A4540A00b5270347E02e2E144c71da2EceD": { 
@@ -1353,6 +1510,15 @@ "warnings": [], "factory": "", "upgradeableComponents": [] + }, + "0x9B1b13afA6a57e54C03AD0428a4766C39707D272": { + "asset": "0xF490c80aAE5f2616d3e3BDa2483E30C4CB21d1A0", + "name": "PriceFeed", + "summary": "safe", + "review": "./StakewiseOsTokenRateProviders.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [] } }, "mode": { @@ -1367,6 +1533,24 @@ } }, "optimism": { + "0x210ABdFD989f3eE5C08614a8f4e096Cf8408f5DF": { + "asset": "0x5A7a183B6B44Dc4EC2E3d2eF43F98C5152b1d76d", + "name": "inETH Rate Provider", + "summary": "safe", + "review": "./ChainLinkRateProvider.md", + "warnings": ["chainlink"], + "factory": "0x83E443EF4f9963C77bd860f94500075556668cb8", + "upgradeableComponents": [] + }, + "0xC092E0a4f5a2AdF3CF91E27cf4B7d7917D12CA2B": { + "asset": "0xd08C3F25862077056cb1b710937576Af899a4959", + "name": "instETH Rate Provider", + "summary": "safe", + "review": "./ChainLinkRateProvider.md", + "warnings": ["chainlink"], + "factory": "0x83E443EF4f9963C77bd860f94500075556668cb8", + "upgradeableComponents": [] + }, "0xe561451322a5efC51E6f8ffa558C7482c892Bc1A": { "asset": "0xA348700745D249c3b49D2c2AcAC9A5AE8155F826", "name": "WrappedUsdPlusRateProvider", @@ -1532,6 +1716,20 @@ "warnings": ["chainlink"], "factory": "0x83E443EF4f9963C77bd860f94500075556668cb8", "upgradeableComponents": [] + }, + "0x1373A61449C26CC3F48C1B4c547322eDAa36eB12": { + "asset": "0x4186BFC76E2E237523CBC30FD220FE055156b41F", + "name": "RSETHRateReceiver", + "summary": "safe", + "review": "./rsETHRateProviderOptimism.md", + "warnings": [], + "factory": "", + "upgradeableComponents": [ + { + "entrypoint": "0x1373A61449C26CC3F48C1B4c547322eDAa36eB12", + "implementationReviewed": "0x1373A61449C26CC3F48C1B4c547322eDAa36eB12" + } + ] } }, "polygon": { 
@@ -1650,20 +1848,6 @@ "warnings": ["legacy"], "factory": "", "upgradeableComponents": [] - }, - "0x1373A61449C26CC3F48C1B4c547322eDAa36eB12": { - "asset": "0x4186BFC76E2E237523CBC30FD220FE055156b41F", - "name": "RSETHRateReceiver", - "summary": "safe", - "review": "./rsETHRateProviderOptimism.md", - "warnings": [], - "factory": "", - "upgradeableComponents": [ - { - "entrypoint": "0x1373A61449C26CC3F48C1B4c547322eDAa36eB12", - "implementationReviewed": "0x1373A61449C26CC3F48C1B4c547322eDAa36eB12" - } - ] } }, "zkevm": { diff --git a/rate-providers/sUSXRateProvider.md b/rate-providers/sUSXRateProvider.md new file mode 100644 index 0000000..0e2d0ee --- /dev/null +++ b/rate-providers/sUSXRateProvider.md 
@@ -0,0 +1,66 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [ethereum:0xc497F11326c3DE5086710EDa43354697b32c1541](https://etherscan.io/address/0xc497F11326c3DE5086710EDa43354697b32c1541) + - [arbitrum:0xf7ec24690fBCEc489E7C9A7055C04Db5C221c397](https://arbiscan.io/address/0xf7ec24690fBCEc489E7C9A7055C04Db5C221c397) +- Audit report(s): + - [dForce Lending](https://github.com/dforce-network/documents/tree/master/audit_report/Lending) + +## Context +sUSX is based on dForce's usx stablecoin. It is a yield-bearing version which accrues protocol fees from lending operations (Unitus protocol), Minting Fees from usx minting, redemption fees from converting usx back to underlying collateral, defi operations and other strategies. The rate of susx -> usx is reported by an ERC4626 rate provider. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. 
+ +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + #### sUSX on mainnet + - upgradeable component: `sUSX` ([ethereum:0xbC404429558292eE2D769E57d57D6E74bbd2792d](https://etherscan.io/address/0xbC404429558292eE2D769E57d57D6E74bbd2792d#code)) + - admin address: [ethereum:0x145c79A1F0e1Ad5ad7fC8d99548a02A07B24F8FD](https://etherscan.io/address/0x145c79A1F0e1Ad5ad7fC8d99548a02A07B24F8FD#code) + - admin type: multisig + - multisig threshold/signers: 3/5 + #### sUSX on Arbitrum + - upgradeable component: `sUSX` ([arbitrum:0xbC404429558292eE2D769E57d57D6E74bbd2792d](https://arbiscan.io/address/0xbC404429558292eE2D769E57d57D6E74bbd2792d#code)) + - admin address: [arbitrum:0x9d82033BB36217B44567edC635bE926f74D1b76f](https://arbiscan.io/address/0x9d82033BB36217B44567edC635bE926f74D1b76f) + - admin type: multisig + - multisig threshold/signers: 3/5 + +### Oracles +- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + - source: Multisig + - source address: + #### Oracle on mainnet (3/5) + - [ethereum:0x145c79A1F0e1Ad5ad7fC8d99548a02A07B24F8FD](https://etherscan.io/address/0x145c79A1F0e1Ad5ad7fC8d99548a02A07B24F8FD) + #### Oracle on arbitrum (3/5) + - [arbitrum:0x9d82033BB36217B44567edC635bE926f74D1b76f](https://arbiscan.io/address/0x9d82033BB36217B44567edC635bE926f74D1b76f) + - any protections? YES: the new rate is based on a `_newUsr` value being pushed to the `usrConfigs` array, which is being read during the rate computation. The values are pushed as part of the permissioned call to `_addNewUsrConfig`. Various checks are in place to ensure resulting rates are bound to certain increasing/decreasing threshold levels. 
This includes: + - New epoch start times needing to be equal to or greater then the current block.timestamp + - new epoch start time needing to be greater or equal than the last epoch end time + - and `newUsr >= MIN_USR && _newUsr <= MAX_USR` as a requirement. + These checks ensure the rate change is bound to be within acceptable intervals. + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [ ] The Rate Provider is susceptible to donation attacks. + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: USABLE** + +These rate providers are usable with Balancer pools. The system upgradeability is behind a 3/5 multisig and oracle state updates are permissioned (3/5 multisig) as well as validity checks are done on the data being pushed by the oracle. diff --git a/rate-providers/sdeUSDRateProvider.md b/rate-providers/sdeUSDRateProvider.md new file mode 100644 index 0000000..195d4ee --- /dev/null +++ b/rate-providers/sdeUSDRateProvider.md 
@@ -0,0 +1,56 @@ +# Rate Provider: `ERC4626RateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [ethereum:0x414aB7081D3C2d0BA75703A465744DF99c9f9B22](https://etherscan.io/address/0x414aB7081D3C2d0BA75703A465744DF99c9f9B22#readContract) +- Audit report(s): + - [Elixir audits](https://docs.elixir.xyz/audit) + +## Context +deUSD ("decentralized US Dollar") is a fully collateralized synthetic dollar powered by the Elixir Network. Minted by stETH and sDAI, deposited collateral will be used to short ETH, creating a delta neutral position. Through leveraging this funding rate basis trade on Ethereum, the Elixir network creates a synthetic dollar capturing positive funding rates. Even in a negative funding rate environment however, deUSD is built to be resilient. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. 
+ +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). + - upgradeable component: `stdeUSD` ([ethereum:0x5C5b196aBE0d54485975D1Ec29617D42D9198326](https://etherscan.io/address/0x5C5b196aBE0d54485975D1Ec29617D42D9198326#code)) + - admin address: [ethereum:0xD7CDBde6C9DA34fcB2917390B491193b54C24f24](https://etherscan.io/address/0xD7CDBde6C9DA34fcB2917390B491193b54C24f24) + - admin type: multisig + - multisig threshold/signers: 3/5 + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + - comment: The rate can be changed by sending the vault's asset to the vault. + ```solidity + /// @notice Returns the amount of deUSD tokens that are vested in the contract. + function totalAssets() public view override returns (uint256) { + return IERC20(asset()).balanceOf(address(this)) - getUnvestedAmount(); + } + ``` + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. + +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. The vault implementation uses key functionality of the openzeppelin contract suite with some modifications. 
diff --git a/rate-providers/st-yETHRateProvider.md b/rate-providers/st-yETHRateProvider.md new file mode 100644 index 0000000..c24d77f --- /dev/null +++ b/rate-providers/st-yETHRateProvider.md 
@@ -0,0 +1,52 @@ +# Rate Provider: `styETHRateProvider` + +## Details +- Reviewed by: @mkflow27 +- Checked by: @danielmkm +- Deployed at: + - [ethereum:0x748d749c6Cd0cCA8f53F66A3A0D75a91E2978d65](https://etherscan.io/address/0x748d749c6cd0cca8f53f66a3a0d75a91e2978d65#code) +- Audit report(s): + - [yETH audits](https://github.com/yearn/yETH/blob/main/audits/01-chainsecurity.pdf) + +## Context +Users stake their yETH to mint st-yETH, accrue yield, and later unstake st-yETH to receive yETH back according to their earnings. Stakers receive all yield and slashings from the beacon chain (Ethereum proof-of-stake validators) and earn incentives if they participate and vote in yETH governance. +By bundling LSTs, st-yETH aims to generate the best risk-adjusted yield from ETH staking. Through protocol governance, st-yETH users can readjust pool weights to maximize yield while mitigating catastrophic scenarios where one or several LSTs in the yETH composition suffer adverse events like de-pegging or security incidents. + +## Review Checklist: Bare Minimum Compatibility +Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use. + +- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface. +- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals. + +## Review Checklist: Common Findings +Each of the items below represents a common red flag found in Rate Provider contracts. + +If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. 
A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider. + +### Administrative Privileges +- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address). + +- [x] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). \ + - upgradeable component: `yETH` ([ethereum:0x1BED97CBC3c24A4fb5C069C6E311a967386131f7](https://vscode.blockscan.com/ethereum/0x1BED97CBC3c24A4fb5C069C6E311a967386131f7)) + - admin address: [ethereum:0xbBBBBbbB6B942883EAd4976882C99201108c784d](https://etherscan.io/address/0xbBBBBbbB6B942883EAd4976882C99201108c784d#readProxyContract) + - admin type: multisig 3/5 + - comment: The `yETH` `management` can assign the minter role. + + +### Oracles +- [ ] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes). + +- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price). + +### Common Manipulation Vectors +- [x] The Rate Provider is susceptible to donation attacks. + - comment: The rate can be influenced by sending `asset` to the staking contract. and triggering the `if current > last:` execution path of `_get_amounts`, increasing the value of `unlocked` which is used as part of the rate calculation. For more information see the code [here](https://vscode.blockscan.com/ethereum/0x583019fF0f430721aDa9cfb4fac8F06cA104d0B4). + + +## Additional Findings +To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users. 
+ +## Conclusion +**Summary judgment: SAFE** + +This rate provider should work well with Balancer pools. While the downstream system can be paused, upgradeability is not part of the onchain deployments. diff --git a/rate-providers/statATokenLMRateProvider.md b/rate-providers/statATokenLMRateProvider.md index 527f66a..569c6da 100644 --- a/rate-providers/statATokenLMRateProvider.md +++ b/rate-providers/statATokenLMRateProvider.md @@ -9,6 +9,8 @@ - [polygon:0x9977a61a6aa950044d4dcD8aA0cAb76F84ea5aCd](https://polygonscan.com/address/0x9977a61a6aa950044d4dcD8aA0cAb76F84ea5aCd) - [arbitrum:0x87cD462A781c0ca843EAB131Bf368328848bB6fD](https://arbiscan.io/address/0x87cd462a781c0ca843eab131bf368328848bb6fd) - [arbitrum:0x48942B49B5bB6f3E1d43c204a3F40a4c5F696ef6](https://arbiscan.io/address/0x48942B49B5bB6f3E1d43c204a3F40a4c5F696ef6) + - [arbitrum:0x177862A0242acD8b5F9cc757a963c1C8883da45E](https://arbiscan.io/address/0x177862A0242acD8b5F9cc757a963c1C8883da45E#code) + - [arbitrum:0x183Ac1bCC538aa9729350f8a9C6357a268e1Bd03](https://arbiscan.io/address/0x183Ac1bCC538aa9729350f8a9C6357a268e1Bd03#code) - [optimism:0xdFa8d2b3c146b8a10B5d63CA0306AEa84B602cfb](https://optimistic.etherscan.io/address/0xdFa8d2b3c146b8a10B5d63CA0306AEa84B602cfb#code) - [optimism:0x3f921Ebabab0703BC06d1828D09a245e8390c263](https://optimistic.etherscan.io/address/0x3f921Ebabab0703BC06d1828D09a245e8390c263#code) - [base:0x4467Ab7BC794bb3929d77e826328BD378bf5392F](https://basescan.org/address/0x4467Ab7BC794bb3929d77e826328BD378bf5392F) 
@@ -87,6 +89,26 @@ If none of these is checked, then this might be a pretty great Rate Provider! If - admin type: Aave governance system. - multisig timelock? YES: 24 hours + - [arbitrum:0x177862A0242acD8b5F9cc757a963c1C8883da45E](https://arbiscan.io/address/0x177862A0242acD8b5F9cc757a963c1C8883da45E#code) + - upgradeable component: `StaticATokenLM` ([arbitrum:0xD9FBA68D89178e3538e708939332c79efC540179](https://arbiscan.io/address/0xD9FBA68D89178e3538e708939332c79efC540179#readProxyContract)) + - admin address: [arbitrum:0xFF1137243698CaA18EE364Cc966CF0e02A4e6327](https://arbiscan.io/address/0xFF1137243698CaA18EE364Cc966CF0e02A4e6327) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `Pool` ([arbitrum:0x794a61358D6845594F94dc1DB02A252b5b4814aD](https://arbiscan.io/address/0x794a61358D6845594F94dc1DB02A252b5b4814aD)) + - admin address: [arbitrum:0xFF1137243698CaA18EE364Cc966CF0e02A4e6327](https://arbiscan.io/address/0xFF1137243698CaA18EE364Cc966CF0e02A4e6327) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours + + - [arbitrum:0x183Ac1bCC538aa9729350f8a9C6357a268e1Bd03](https://arbiscan.io/address/0x183Ac1bCC538aa9729350f8a9C6357a268e1Bd03#code) + - upgradeable component: `StaticATokenLM` ([arbitrum:0x89AEc2023f89E26Dbb7eaa7a98fe3996f9d112A8](https://arbiscan.io/address/0x89AEc2023f89E26Dbb7eaa7a98fe3996f9d112A8)) + - admin address: [arbitrum:0xFF1137243698CaA18EE364Cc966CF0e02A4e6327](https://arbiscan.io/address/0xFF1137243698CaA18EE364Cc966CF0e02A4e6327) + - admin type: Aave governance system. + - multisig timelock? YES: 24 hours. + - upgradeable component: `Pool` ([arbitrum:0x794a61358D6845594F94dc1DB02A252b5b4814aD](https://arbiscan.io/address/0x794a61358D6845594F94dc1DB02A252b5b4814aD)) + - admin address: [arbitrum:0xFF1137243698CaA18EE364Cc966CF0e02A4e6327](https://arbiscan.io/address/0xFF1137243698CaA18EE364Cc966CF0e02A4e6327) + - admin type: Aave governance system. 
+ - multisig timelock? YES: 24 hours + - [optimism:0xdFa8d2b3c146b8a10B5d63CA0306AEa84B602cfb](https://optimistic.etherscan.io/address/0xdFa8d2b3c146b8a10B5d63CA0306AEa84B602cfb#code) - upgradeable component: `StaticATokenLM` ([optimism:0x4DD03dfD36548C840B563745e3FBeC320F37BA7e](https://optimistic.etherscan.io/address/0x4DD03dfD36548C840B563745e3FBeC320F37BA7e))
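Review bot: the registry hunk `@@ -1650,20 +1848,6 @@` removes the `0x1373A61449C26CC3F48C1B4c547322eDAa36eB12` (`RSETHRateReceiver`) entry just before the `"zkevm"` section, and nothing in the visible patch explains why. The entry was marked `"summary": "safe"` and points at `./rsETHRateProviderOptimism.md`. If it has been moved to another network section earlier in the file, say so in the commit message; if it is being dropped, confirm that the review file is either removed as well or still referenced by another entry, so the registry and the review documents do not drift apart.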
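Review bot: in the new `sUSXRateProvider.md`, the oracle protections bullet quotes the bound as `newUsr >= MIN_USR && _newUsr <= MAX_USR`, mixing `newUsr` and `_newUsr`, and never gives the values of `MIN_USR` and `MAX_USR`, so a reader cannot judge how far a single push by the 3/5 multisig can move the rate. Quote the check with one consistent parameter name and add the two constants. Please also confirm the `sUSX` address: the mainnet and Arbitrum entries both list `0xbC404429558292eE2D769E57d57D6E74bbd2792d`, and if that is intentional a short comment would stop it reading as a copy-paste slip. The administrative section gives the multisig threshold but no timelock field, which the `statATokenLMRateProvider.md` entries in this same patch do carry. Minor: "greater then" should be "greater than".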
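Review bot: in the new `sdeUSDRateProvider.md`, the Conclusion gives SAFE without mentioning either of the two boxes checked above it (the upgradeable `stdeUSD` vault behind a 3/5 multisig, and the donation vector through `totalAssets()`), although the checklist text itself says a checked item must be elaborated. Add a sentence to the conclusion on why the donation path is acceptable for pools that use this provider, and state the rationale for rating a 3/5-upgradeable vault SAFE here while `sUSXRateProvider.md` in the same patch is rated USABLE. The upgradeable component is also named `stdeUSD` while the file is `sdeUSDRateProvider.md`; use one name throughout.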
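Review bot: in the new `st-yETHRateProvider.md`, the Conclusion says "upgradeability is not part of the onchain deployments", but the Administrative Privileges section checks "Some other portion of the price pipeline is upgradeable" and lists `yETH` with a 3/5 multisig admin. Either uncheck the box and keep the minter-role remark as a plain comment, or reword the conclusion to describe the privilege that actually exists (the `management` role assigning minters). The conclusion also mentions that the downstream system can be paused, which no checklist item documents. Formatting: the checked line ends in a stray `\`, `admin type: multisig 3/5` folds the threshold into the type field where the other reviews in this patch use a separate `multisig threshold/signers` line, and "staking contract. and triggering" has a stray full stop.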
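Review bot: in the `statATokenLMRateProvider.md` hunk `@@ -87,6 +89,26 @@`, the two new Arbitrum entries are not formatted consistently with each other. The first `StaticATokenLM` link carries `#readProxyContract` while the second (`0x89AEc2023f89E26Dbb7eaa7a98fe3996f9d112A8`) has no fragment, and the `StaticATokenLM` timelock lines end in `24 hours.` while the `Pool` lines end in `24 hours`. Align these, and consider naming the underlying asset next to each rate provider address, since the two entries are otherwise distinguishable only by address.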