Opus - 0xepley's results

🛠️ Analysis - Opus

A cross margin credit protocol with autonomous monetary policy and dynamic risk parameters.

Summary

a) Overview of the Opus Project

The Opus project is a decentralized finance (DeFi) platform designed to offer users various financial services on the blockchain. It leverages smart contracts to enable activities such as collateralized lending, liquidity provision, and rewards distribution. Users can interact with the platform by depositing specific cryptocurrencies as collateral to participate in liquidity pools, earn rewards, or take out loans. The project focuses on security, scalability, and user experience, aiming to provide a comprehensive ecosystem for decentralized financial services.

Key Features and Functionalities:

1. Collateral Management: Users can deposit various tokens (e.g., WBTC, ETH, wstETH) as collateral to participate in the platform's offerings.
2. Liquidity Provision and Earning Rewards: It facilitates liquidity provision to various pools, allowing users to earn rewards based on their contributions.
3. Loan and Credit Facilities: Offers mechanisms for users to take loans against their deposited collateral under certain conditions.
4. Risk Management and Liquidation Protocols: Implements safeguards and protocols for managing the health of assets and positions, including liquidation mechanisms for undercollateralized positions.
5. PID Controller for Dynamic Adjustments: Incorporates a PID controller for adaptive and dynamic adjustments within the system, enhancing stability and responsiveness.

b) Technical Architecture:

<br/>

Opus architecture is built around a set of smart contracts, each serving specific roles:

<br/>

Domain Model of the Protocol

<br/>

c) The approach I would follow when reviewing the code

First, by examining the scope of the code, I determined my code review and analysis strategy. https://code4rena.com/audits/2024-01-opus#top

Accordingly, I would analyze and audit the subject in the following steps;

d) Analysis of the code base

The most important summary in analyzing the code base is the stacking of codes to be analyzed. In this way, many predictions can be made, including the difficulty levels of the contracts, which one is more important for the auditor, the features they contain that are important for security (payable functions, uses assembly, etc.), the audit cost of the project, and the time to be allocated to the audit; Uses Consensys Solidity Metrics

• filename: This field indicates the language in which smart contracts are written

• Code: This field indicates the number of actual lines of code in the smart contract.

• Comment: This field indicates the number of lines in the smart contract.

• Blank: This field indicates the number of Blank lines in the smart contract.

• Total: This field indicates the number of Total lines (code + comment + blank) in the smart contract.

Analysis of sloc of core contracts

Total : 13 files, 3990 codes, 1489 comments, 1115 blanks, all 6594 lines

Files

Comment-to-Source Ratio:

Core contracts: On average there are 4.69 code lines per comment (lower=better).

e) Test analysis

1. Install Scarb v2.4.0 by running:

curl --proto '=https' --tlsv1.2 -sSf https://docs.swmansion.com/scarb/install.sh | sh -s -- -v 2.4.0

2. Install Starknet Foundry v0.13.1 by running:

curl -L https://raw.githubusercontent.com/foundry-rs/starknet-foundry/master/scripts/install.sh | sh

snfoundryup -v 0.13.1

3. Run scarb test.

What did the project do differently? ;

• 1. It can be said that the developers of the project did a quality job, there is a test structure consisting of tests with quality content. In particular, tests have been written successfully.
• 2. Overall line coverage percentage provided by your tests : 90

What could they have done better?

• 1. If we look at the test scope and content of the project with a systematic checklist, we can see which parts are good and which areas have room for improvement As a result of my analysis, those marked in green are the ones that the project has fully achieved. The remaining areas are the development areas of the project in terms of testing ;

Ref:https://xin-xia.github.io/publication/icse194.pdf

• 2): It is recommended to increase the test coverage to 100% so make sure that each and every line is battle tested

f) Security Approach of the Project

Successful current security understanding of the project;

1- The project has already underwent an audits(stated in the docs), this innovative assessments on Code4rena is the second audit, where multiple auditors are scrutinizing the code.

According to the Docs, which can be found here

The core contracts found in opus_contracts directory have been audited by:

• Trail of Bits

What the project should add in the understanding of Security;

1- By distributing the project to testnets, ensuring that the audits are carried out in onchain audit. (This will increase coverage)

2- Add On-Chain Monitoring System; If On-Chain Monitoring systems such as Forta are added to the project, its security will increase.

For example ; This bot tracks any DEFI transactions in which wrapping, unwrapping, swapping, depositing, or withdrawals occur over a threshold amount. If transactions occur with unusually high token amounts, the bot sends out an alert. https://app.forta.network/bot/0x7f9afc392329ed5a473bcf304565adf9c2588ba4bc060f7d215519005b8303e3

3- After the Code4rena audit is completed and the project is live, I recommend the audit process to continue, projects like immunefi do this. https://immunefi.com/

4- Emergency Action Plan In a high-level security approach, there should be a crisis handbook like the one below and the strategic members of the project should be trained on this subject and drills should be carried out. Naturally, this information and road plan will not be available to the public. https://docs.google.com/document/u/0/d/1DaAiuGFkMEMMiIuvqhePL5aDFGHJ9Ya6D04rdaldqC0/mobilebasic#h.27dmpkyp2k1z

5- I also recommend that you have an "Economic Audit" for projects based on such complex mathematics and economic models. An example Economic Audit is provided in the link below; Economic Audit with Three Sigma

6 - As the project team, you can consider applying the multi-stage audit model.

Read more about the MPA model; https://mpa.solodit.xyz/

7 - I recommend having a masterplan applied to project team members (This information is not included in the documents). All authorizations, including NPM passwords and authorizations, should be reserved only for current employees. I also recommend that a definitive security constitution project be found for employees to protect these passwords with rules such as 2FA. The LEDGER hack, which has made a big impact recently, is the best example in this regard;

https://twitter.com/Ledger/status/1735326240658100414?t=UAuzoir9uliXplerqP-Ing&s=19

g) In-depth architecture assessment of business logic

The OPUS protocol's architecture is meticulously designed to serve as an advanced framework for synthetic asset management within the DeFi ecosystem, emphasizing modularity, security, and scalability. This architecture facilitates the creation, trading, and management of synthetic assets by leveraging blockchain technology to offer a decentralized, transparent, and efficient alternative to traditional financial instruments.

Shrine Contract: The Heart of OPUS

At the core of the OPUS protocol is the Shrine Contract, a sophisticated smart contract that manages the lifecycle of synthetic assets. It is responsible for:

• Minting and Burning: Users can mint new synthetic assets by locking collateral in the Shrine Contract. Similarly, assets can be burned to release the underlying collateral, maintaining a stable and secure backing for each synthetic asset issued.
• Interest Rate Adjustment: Employing an algorithmic approach, the Shrine Contract dynamically adjusts interest rates based on the total supply and demand within the protocol, optimizing economic incentives and ensuring system stability.
• Collateral Management: The contract manages a diverse range of collateral types, adjusting collateralization ratios in real-time to reflect market conditions and mitigate risks associated with price volatility.
• Liquidation Protocol: Incorporates a robust liquidation mechanism to safeguard against undercollateralized positions, ensuring the protocol's solvency and protecting users' interests.

Decentralized Autonomous Organization (DAO)

Governance within the OPUS protocol is decentralized and democratized through the DAO, which allows token holders to propose, vote on, and implement changes to the protocol. This includes:

• Parameter Adjustments: The DAO has the authority to modify critical protocol parameters, such as collateralization ratios, interest rates, and supported collateral types, in response to evolving market dynamics.
• Protocol Upgrades: Through collective decision-making, the community can introduce new features, optimize existing ones, and make strategic decisions to steer the protocol's development direction.
• Reward Distribution: The DAO also oversees the distribution of rewards within the protocol, ensuring that incentives are aligned with the protocol's long-term health and sustainability.

Price Oracle Integration

The OPUS protocol relies on accurate and timely price data to manage synthetic assets effectively. It integrates with trusted price oracles to:

• Provide Real-time Pricing: Ensures that all synthetic assets are minted, traded, and liquidated at fair market values.
• Mitigate Oracle Risks: Implements multiple oracle sources and fallback mechanisms to protect against single points of failure and ensure data integrity.

Staking and Rewards Mechanism

To incentivize participation and secure the protocol, OPUS implements a staking and rewards mechanism:

• Staking for Security: Users can stake tokens to participate in governance, secure the network, and contribute to the protocol's stability.
• Dynamic Rewards Distribution: The protocol dynamically adjusts reward distributions based on participation levels and system needs, encouraging behaviors that enhance protocol health.

In summary, the OPUS protocol's architecture is a testament to the power of combining DeFi innovations with traditional finance principles, offering a comprehensive platform for synthetic asset management. Its emphasis on decentralization, security, and user-centricity positions it as a significant player in the DeFi space, poised to address the challenges of modern finance with blockchain solutions.

h) Codebase Quality

Overall, I consider the quality of the Opus protocol codebase to be Good. The code appears to be mature and well-developed. We have noticed the implementation of various standards adhere to appropriately. Details are explained below:

i) Other Audit Reports and Automated Findings

Previous Audits Although the security Report of previous Audit isn't public but we can see it the docs that the opus_contracts already went an audit Trail of Bits

Known issues and risks

• The protocol relies on a trusted and honest admin with superuser privileges for all modules with access control at launch.
• There is currently no fallback oracle. This is planned once more oracles are live on Starknet.
• Interest is not accrued on redistributed debt until they have been attributed to a trove. This is intended as the alternative would be too computationally intensive.
• Interest that have not been accrued at the time of shutdown will result in a permanent loss of debt surplus i.e. income. This is intended as the alternative to charge interest on all troves would be too expensive.

j) Contract Functionalities

The OPUS protocol encompasses a suite of smart contracts, each designed to fulfill specific roles within the ecosystem, focusing on synthetic asset management, governance, collateralization, and rewards distribution. Below, we delve into the key contracts, outlining their primary functionalities and technical characteristics:

Shrine Contract

Functionalities:

• Minting and Burning of Synthetic Assets: Enables users to create or destroy synthetic assets by depositing or withdrawing collateral, respectively.
• Interest Rate Management: Dynamically adjusts interest rates based on the protocol's economic conditions to maintain stability and incentivize certain behaviors.
• Collateral Management: Supports multiple types of collateral, managing their valuation and liquidation thresholds to ensure the protocol remains overcollateralized.
• Liquidation Mechanism: Initiates liquidation processes for undercollateralized positions to protect the protocol's integrity and user assets.

Technical Characteristics:

• Modular Design: Allows for easy updates and integration of new features or collateral types without disrupting the core functionalities.
• Security Mechanisms: Implements checks and balances, such as reentrancy guards and oracle validation, to mitigate risks associated with smart contract vulnerabilities and price manipulation.

<br/>

<br/>

DAO Governance Contract

Functionalities:

• Proposal Submission and Voting: Facilitates the decentralized governance process, allowing token holders to submit proposals and vote on them.
• Protocol Parameter Adjustment: Authorizes changes to critical protocol parameters, such as interest rates, collateral types, and liquidation thresholds.
• Contract Upgrades: Manages the upgrade process for the protocol's smart contracts, ensuring that changes are made transparently and with community consensus.

Technical Characteristics:

• Flexible Voting System: Supports various voting mechanisms, including simple majority and weighted voting, to accommodate different types of decisions.
• Timelock Mechanism: Enforces a delay between proposal approval and execution, providing a window for community review and potential vetoing of contentious decisions.

Price Oracle Contract

Functionalities:

• Price Feeding: Provides real-time price data for various assets, enabling accurate valuation of collateral and synthetic assets.

Staking and Rewards Contract

Functionalities:

• Staking Collateral Tokens: Allows users to stake collateral tokens to participate in governance and earn rewards.
• Rewards Distribution: Manages the distribution of protocol-generated rewards to stakers based on their contribution and stake size.

Technical Characteristics:

• Flexible Reward Mechanisms: Adopts dynamic reward formulas that can adjust based on the performance and staking participation rates.
• Governance Integration: Tightly integrates with the DAO governance contract to allow stakers to exercise their governance rights directly.

Liquidation Manager Contract

Functionalities:

• Automated Liquidation Processes: Automatically triggers the liquidation of undercollateralized positions to safeguard the protocol's solvency.
• Liquidation Auctions: Facilitates liquidation auctions, allowing participants to bid on collateral from liquidated positions.

k) Full representation of the project’s risk model

The OPUS protocol, like any decentralized finance (DeFi) platform, faces several categories of risk, including administrative, systemic, technical, and integration risks. Understanding and mitigating these risks are crucial for the security and efficiency of the protocol.

Admin Abuse Risks

Centralization of Control: Even with decentralized governance structures like DAOs, the risk of admin abuse exists if a small number of participants control a majority of governance tokens. This could lead to unilateral decision-making, including unfavorable changes to protocol parameters or misallocation of funds.

Governance Manipulation: The potential for governance proposals to be manipulated by actors with large stakes or through social engineering attacks poses a risk to the protocol's integrity and direction.

Technical Risks

Smart Contract Vulnerabilities: Bugs or logical errors in the smart contracts can lead to loss of funds, unauthorized access, or unintended behavior. Given the complexity of contracts like the Shrine, interest rate models, and oracle interactions, the attack surface is significant.

Scalability Concerns: As transaction volumes grow, the platform must scale without compromising performance or security.

l) Packages and Dependencies Analysis 📦

m) New insights and learning of project from this audit:

As an auditor having reviewed the OPUS protocol, the audit process has yielded several insights and learning experiences, emphasizing the complexity and sophistication of decentralized finance (DeFi) ecosystems. Here are the key takeaways:

1. Interconnectedness of Contracts

The OPUS protocol showcases an intricate web of smart contracts interacting with each other, where the behavior of one contract can significantly impact others. For instance, the Shrine contract's role as the core for synthetic asset management is closely tied to the Interest Rate Model, Price Oracle, and Liquidation Manager, among others. Understanding these interactions is crucial for assessing the protocol's resilience, security, and efficiency.

2. Importance of Governance

The audit process highlighted the critical role of governance in the OPUS protocol, managed through the DAO. It showed how decentralized decision-making processes are embedded into the protocol's operations, from proposing adjustments to executing protocol updates. This underlines the necessity for auditors to examine governance mechanisms thoroughly, ensuring they are secure, fair, and resistant to manipulation.

3. Complexity of Risk Management

The protocol's approach to managing risk, particularly through the Liquidation Manager and the Interest Rate Model, demonstrated the nuanced balance required to maintain system stability. Auditing these components provided insights into the challenges of designing DeFi systems that are resilient to market volatility and systemic risks.

4. Oracles as Critical Infrastructure

Price Oracles serve as a backbone for the OPUS protocol, feeding necessary market data for various operations, including asset minting/burning and liquidation processes. The audit reinforced the importance of oracles in DeFi protocols and the need to ensure their reliability, security, and resistance to price manipulation or oracle failure.

5. Innovative Use of Staking and Rewards

The Staking Rewards contract and the subsequent distribution of incentives illustrate innovative approaches to encourage protocol participation and secure network operations. It was insightful to see how these mechanisms are designed to balance protocol liquidity, user engagement, and governance participation.

In conclusion, auditing the OPUS protocol was a comprehensive learning experience, showcasing the depth of innovation in DeFi while also highlighting the critical areas of focus for ensuring the security, stability, and sustainability of such protocols.

Note: I didn't tracked the time, the time I mentioned is just a number.

Time spent:

25 hours