UniStaker Infrastructure - 0xepley's results

🛠️ Analysis - SUniStaker Infrastructure

Staking infrastructure to empower Uniswap Governance..

Summary

a) Overview of the UniStaker Infrastructure Project

The UniStaker Infrastructure project is an innovative blockchain initiative designed to leverage the Uniswap V3 protocol, enabling UNI token holders to participate in protocol fee collection and distribution through a staking mechanism. The project introduces a seamless way to earn rewards by staking UNI tokens, while simultaneously engaging in the governance of the Uniswap ecosystem. Upon depositing UNI tokens into the UniStaker contract, users can delegate their governance voting power, ensuring they remain active participants in decision-making processes without sacrificing potential earnings from protocol fees. The system automatically auctions accumulated fees from various Uniswap V3 Pools in exchange for a designated reward token, distributing these rewards proportionally among stakers. Additionally, the DelegationSurrogate contract ensures that users' governance rights are retained, allowing for the delegation of voting power to a chosen representative.

b) Technical Architecture

The UniStaker Infrastructure project is designed to weave together Uniswap V3's liquidity provision and fee generation capabilities with UNI token staking and governance participation. Here's an overview of its technical architecture and workflow:

Core Components

1. UniStaker Contract: At the heart of the infrastructure lies the UniStaker contract, which orchestrates the staking of UNI tokens, delegation of governance rights, and distribution of rewards. This contract allows UNI token holders to stake their tokens, choose a delegate for their governance rights, and earn rewards based on the fees collected from Uniswap V3 pools.

2. V3FactoryOwner Contract: This contract acts as the owner of the Uniswap V3 Factory, possessing the authority to enable fee levels on Uniswap V3 pools and collect fees. It features a unique mechanism allowing anyone to claim collected fees from specific pools by paying a predetermined amount of a designated token (PAYOUT_TOKEN), which is then distributed as rewards to stakers.

3. DelegationSurrogate Contract: Designed to maintain governance participation for pooled token holders, this contract holds staked tokens and delegates voting power to a specified address. It ensures that despite the tokens being staked or pooled, the governance rights of individual token holders are preserved and exercised according to their delegation preferences.

Interfaces

The system utilizes several interfaces to interact with external contracts and protocols:

• IERC20Delegates: Facilitates interaction with governance tokens, supporting standard ERC20 operations and delegation functionalities.

• INotifiableRewardReceiver: Defines the method for notifying about rewards, used by the V3FactoryOwner to alert the UniStaker contract about the rewards from fee collection.

• IUniswapV3FactoryOwnerActions & IUniswapV3PoolOwnerActions: Allow the V3FactoryOwner contract to interact with the Uniswap V3 Factory and individual pools, enabling fee settings and collections.

Workflow

1. Staking and Delegation: Users stake their UNI tokens through the UniStaker contract, which records the staked amount and delegates the users' governance voting power to the chosen delegatees via DelegationSurrogate contracts. This process ensures users' participation in governance without direct involvement.

2. Fee Collection and Reward Distribution: The V3FactoryOwner contract collects fees from Uniswap V3 pools by selling the accrued fees to parties interested in paying the payout token. The collected payout tokens are then forwarded to the UniStaker contract.

3. Reward Notification and Distribution: Upon receiving the payout tokens, the UniStaker contract is notified about the reward amount through the INotifiableRewardReceiver interface. It then distributes these rewards to stakers proportionally, based on their staked amounts and the duration of the stake.

4. Governance Participation: Throughout this process, the governance rights of staked UNI tokens are exercised by the designated delegatees, ensuring that the stakers' voices are heard in Uniswap governance decisions without compromising their ability to earn rewards.

WorkFlow diagram

<br/>

Here's a structured overview of the files involved in the UniStaker Infrastructure project, detailing their core functionality, technical characteristics, and their importance within the system:

<br/> <br/>

c) The approach I would follow when reviewing the code

First, by examining the scope of the code, I determined my code review and analysis strategy. https://code4rena.com/audits/2024-02-unistaker-infrastructure#top

My approach to ensure a thorough and comprehensive audit would encompass several steps, combining theoretical understanding, practical testing, and security assessments. Here’s how I would proceed:

1. Documentation Review

First, I started by reading the project documentation in detail. Understanding the project's goals, architecture, and functionalities as outlined in the docs helps me grasp the intended use cases and the design rationale behind the smart contracts. This initial step is crucial for aligning my understanding with the project's objectives and preparing for a more technical dive.

2. Codebase Familiarization

Next, I cloned the project repository and familiarize myself with the codebase structure. I take note of how the contracts are organized, the naming conventions, and how the interfaces are defined and implemented. This step helps me understand the project’s modularity and the relationships between different contracts.

3. Dependency and Configuration Analysis

Before diving into the contract logic, I reviewed the project’s dependencies, such as OpenZeppelin contracts, and configuration settings, including compiler versions. This is to ensure that the project uses secure and up-to-date libraries and follows best practices for deployment.

4. Manual Code Review

With a solid understanding of the project structure and goals, I would begin a line-by-line review of the smart contracts. My focus would be on identifying common smart contract vulnerabilities such as reentrancy, overflow/underflow, improper access control, and unchecked external calls. Additionally, I assessed the contracts for logic errors, inefficiencies, and deviations from the documented functionalities.

5. Testing and Coverage Analysis

After the manual review, I run the project’s test suite to ensure all tests pass and to identify any areas of the code not covered by tests. I would write additional tests if necessary to achieve comprehensive coverage, particularly focusing on edge cases and failure modes.

9. Interaction with External Systems

Since the project interacts with Uniswap V3, I review the integration points and external calls to ensure they are handled securely, respecting the trust boundaries and mitigating risks associated with external dependencies.

d) Analysis of the code base

The most important summary in analyzing the code base is the stacking of codes to be analyzed. In this way, many predictions can be made, including the difficulty levels of the contracts, which one is more important for the auditor, the features they contain that are important for security (payable functions, uses assembly, etc.), the audit cost of the project, and the time to be allocated to the audit; Uses Consensys Solidity Metrics

• File name: This field indicates the number of Contracts involves

• Lines: This field represents the total number of lines in the source file, including code lines, comments, and blank lines.

• nSLOC: nSLOC stands for "normalized source lines of code," and it further refines nLines by excluding both blank lines and comments. It gives a more accurate measure of the code's complexity.

• Comment Lines: This field specifies the number of lines in the source file that contain comments.

• nLines: nLines typically stands for "normalized lines" and represents the total number of lines in the source file excluding blank lines.

Total : 7 files, 563 codes, 450 comments, 142 blanks, all 1155 lines

Files

Comment-to-Source Ratio: On average there are 1.25 code lines per comment (lower=better).

State diagram

This State diagram provides an overview of the key components and how they are interconnected.

<br/> <br/>

e) Mechanical Overview

The UniStaker Infrastructure project is designed to enhance the functionality of Uniswap V3 by introducing a novel mechanism for staking UNI tokens, collecting protocol fees, and distributing rewards. This system allows UNI holders to stake their tokens, participate in governance through delegated voting, and earn rewards generated from Uniswap V3's trading fees. The project is built around three core smart contracts: UniStaker, V3FactoryOwner, and DelegationSurrogate, each serving distinct roles within the ecosystem.

UniStaker

Functionality and Mechanism: The UniStaker contract is the heart of the project, managing the staking of UNI tokens and the distribution of rewards. UNI holders can stake their tokens in this contract and delegate their governance rights. The contract also defines how staked tokens can earn rewards, which are not paid out in the native fee tokens collected from Uniswap V3 but rather in a designated rewards token specified at the contract's deployment.

How It Works: When UNI tokens are staked, the contract tracks the amount staked by each participant and their proportional share of the total staked amount. The rewards are distributed based on these shares, with the mechanism allowing for continuous reward accrual and claimability. Stakers can also designate a beneficiary address different from their own to receive the rewards, adding flexibility to the rewards distribution.

<br/>

V3FactoryOwner

Functionality and Mechanism: The V3FactoryOwner contract acts as an owner of the Uniswap V3 Factory, with specific rights to enable fee amounts on Uniswap V3 pools and set protocol fees. Importantly, this contract has a public function allowing anyone to claim protocol fees from any Uniswap V3 pool by paying a specified amount of a designated token. The collected fees are then sent to the UniStaker contract as rewards for stakers.

How It Works: To incentivize the collection of fees (and thus the distribution of rewards to stakers), the V3FactoryOwner introduces a "payout race" mechanism. External actors (like MEV searchers) can pay the payout token to claim accumulated fees from Uniswap pools. This mechanism ensures that the protocol fees contribute directly to the staking rewards, aligning the incentives of various ecosystem participants.

<br/>

DelegationSurrogate

Functionality and Mechanism: The DelegationSurrogate contract is a simple yet crucial component that enables governance rights to be maintained by stakers. It acts as a holding entity for staked tokens, delegating the governance voting power of these tokens to a specified delegatee. This allows stakers to participate in Uniswap governance without sacrificing their staking rewards.

How It Works: Upon staking in the UniStaker contract, if a user wishes to delegate their governance rights to another address, the UniStaker interacts with DelegationSurrogate to ensure that the staked tokens' voting power is delegated accordingly. This preserves the decentralized governance model of Uniswap while still allowing users to earn staking rewards.

<br/>

Conceptual Overview

The UniStaker Infrastructure project innovatively bridges the gap between participating in Uniswap's governance and earning rewards from protocol fees. By staking UNI tokens, users can contribute to the security and governance of the Uniswap protocol while earning a share of the trading fees generated by the platform. The V3FactoryOwner's unique fee collection mechanism incentivizes active participation in the ecosystem, ensuring a continuous flow of rewards to stakers. Meanwhile, the DelegationSurrogate ensures that staking does not come at the cost of disenfranchising users from governance participation, thereby supporting Uniswap's decentralized ethos.

This architecture not only enhances the utility of UNI tokens by providing staking rewards but also strengthens the Uniswap V3 ecosystem by encouraging long-term holding and active governance participation. The project represents a thoughtful integration of staking, rewards, and governance functionalities within the DeFi space, showcasing a model that could inspire similar mechanisms across other platforms.

f) Test analysis

Foundry Testing:

Foundry, a modern smart contract testing framework, was utilized to test the unistaker contracts. This involved several key steps:

a. Installation and Setup: - Foundry was installed using the command curl -L https://foundry.paradigm.xyz | bash, followed by foundryup to ensure the latest version was in use. - Dependencies were installed using forge install, ensuring all necessary components were available for the testing process. - Then to run the tests, I simply added the relevant files to the .env, referencing .env.example.

b. Execution of Tests: - Tests were run using forge install followed by forge build and then forge test, executing a suite of predefined test cases that covered various functionalities and scenarios.

c. Test Coverage and Documentation: - The overview of the testing suite, as referred to in the provided documentation, likely details the scope, scenarios, and objectives of each test, ensuring a comprehensive assessment of the contracts.

What did the project do differently? ;

• 1. It can be said that the developers of the project did a quality job, there is a test structure consisting of tests with quality content. In particular, tests have been written successfully.
• 2. Overall line coverage percentage provided by your tests : 100

What could they have done better?

• 1. If we look at the test scope and content of the project with a systematic checklist, we can see which parts are good and which areas have room for improvement As a result of my analysis, those marked in green are the ones that the project has fully achieved. The remaining areas are the development areas of the project in terms of testing ;

Ref:https://xin-xia.github.io/publication/icse194.pdf

<br/> <br/>

g) Security Approach of the Project

Successful current security understanding of the project;

1- The project has already underwent an audits (Trail of Bits ), this innovative assessments on Code4rena is the second, where multiple auditors are scrutinizing the code.

What the project should add in the understanding of Security;

1- By distributing the project to testnets, ensuring that the audits are carried out in onchain audit. (This will increase coverage)

2- Add On-Chain Monitoring System; If On-Chain Monitoring systems such as Forta are added to the project, its security will increase.

For example ; This bot tracks any DEFI transactions in which wrapping, unwrapping, swapping, depositing, or withdrawals occur over a threshold amount. If transactions occur with unusually high token amounts, the bot sends out an alert. https://app.forta.network/bot/0x7f9afc392329ed5a473bcf304565adf9c2588ba4bc060f7d215519005b8303e3

3- After the Code4rena audit is completed and the project is live, I recommend the audit process to continue, projects like immunefi do this. https://immunefi.com/

4- Emergency Action Plan In a high-level security approach, there should be a crisis handbook like the one below and the strategic members of the project should be trained on this subject and drills should be carried out. Naturally, this information and road plan will not be available to the public. https://docs.google.com/document/u/0/d/1DaAiuGFkMEMMiIuvqhePL5aDFGHJ9Ya6D04rdaldqC0/mobilebasic#h.27dmpkyp2k1z

5- I also recommend that you have an "Economic Audit" for projects based on such complex mathematics and economic models. An example Economic Audit is provided in the link below; Economic Audit with Three Sigma

6 - As the project team, you can consider applying the multi-stage audit model.

Read more about the MPA model; https://mpa.solodit.xyz/

7 - I recommend having a masterplan applied to project team members (This information is not included in the documents). All authorizations, including NPM passwords and authorizations, should be reserved only for current employees. I also recommend that a definitive security constitution project be found for employees to protect these passwords with rules such as 2FA. The LEDGER hack, which has made a big impact recently, is the best example in this regard;

https://twitter.com/Ledger/status/1735326240658100414?t=UAuzoir9uliXplerqP-Ing&s=19

h) Codebase Quality

Overall, I consider the quality of the unistaker protocol codebase to be Good. The code appears to be mature and well-developed, though there are areas for improvement, particularly in code commenting. We have noticed the implementation of various standards adhere to appropriately. Details are explained below:

Solidity and Clarity

• Smart Contract Structure: The project's smart contracts are well-structured and logically organized. The separation of concerns is evident in the delineation between staking logic (UniStaker.sol), Uniswap V3 Factory ownership (V3FactoryOwner.sol), and governance token delegation (DelegationSurrogate.sol). This modular approach facilitates easier understanding and maintenance.

• Code Readability and Documentation: The contracts are accompanied by comprehensive comments and documentation, following the NatSpec format. This not only aids in understanding the contract functionalities but also ensures that future developers or auditors can quickly grasp the intended behavior of the code.

Security Practices

• Use of Established Patterns and Libraries: The project leverages OpenZeppelin contracts for standard functionalities such as ERC20 interactions and access control, which is a positive indicator of codebase quality. Employing these tested and audited libraries helps prevent common vulnerabilities.

• Security Measures and Considerations: The mechanisms for staking, rewards distribution, and governance delegation are designed with security in mind. For instance, the use of DelegationSurrogate to maintain governance rights while staking UNI tokens is an innovative approach that also considers the security implications of delegation.

• Potential Areas for Enhancement: While the project demonstrates a strong understanding of security principles, continuous review and testing are necessary, especially considering the dynamic and evolving landscape of DeFi and smart contract vulnerabilities. Integration with Uniswap V3 introduces complexities that require ongoing vigilance to ensure compatibility and security, particularly concerning protocol fee collection and token delegation.

Adherence to DeFi and Uniswap Best Practices

• Integration with Uniswap V3: The project's design thoughtfully considers its role within the broader Uniswap V3 ecosystem, offering functionalities that complement the existing features of Uniswap, such as liquidity provision and fee generation. The choice to enable public claiming of protocol fees through the V3FactoryOwner contract is particularly noteworthy, as it aligns with the permissionless and decentralized ethos of DeFi.

• Upgradability and Future-proofing: While the current implementation serves its purpose well, the rapidly evolving nature of DeFi and Uniswap might necessitate future upgrades or enhancements. The project could benefit from incorporating more flexible upgrade mechanisms or considering the long-term governance structure for managing such changes, ensuring that it can adapt to future Uniswap upgrades or shifts in DeFi trends.

i) Other Audit Reports and Automated Findings

Bot findings: https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/bot-report.md

4naly3er Report: https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/4naly3er-report.md

Previous Audits Not Public Yet

j) Full representation of the project’s risk model

1. Admin Abuse Risks:

In the context of the UniStaker Infrastructure project, the concept of "Admin Abuse Risks" encompasses potential vulnerabilities or scenarios where the administrative roles associated with the smart contracts could be misused, leading to adverse effects on the protocol's integrity, user assets, or governance processes. Given the project's integration with Uniswap V3 and its unique functionalities around staking, fee collection, and governance rights delegation, let's critically analyze the specific admin roles and their associated risks.

V3FactoryOwner Contract

The V3FactoryOwner contract holds the authority over the Uniswap V3 Factory settings, including enabling fee amounts and setting protocol fees on pools. While this centralization of control is necessary for certain administrative functions, it introduces several risks:

• Protocol Fee Adjustments: The admin can adjust protocol fees on Uniswap V3 pools. If done maliciously or carelessly, it could disrupt the economic balance, affecting liquidity providers' earnings and potentially the overall liquidity of the Uniswap V3 platform.

• Fee Collection Mechanism: The admin's ability to change the payout amount required for collecting protocol fees introduces a risk. An unreasonably high payout amount could deter the collection of fees, while too low a payout amount might lead to exploitation where fees are collected too frequently, potentially draining value from the protocol.

UniStaker Contract

The UniStaker contract admin has control over crucial functionalities such as updating reward distribution parameters and adding or removing sources of revenue. Potential abuses could include:

• Reward Distribution Manipulation: By altering reward distribution logic or parameters, an admin could unfairly benefit certain stakers over others or divert rewards to unintended recipients.

2. Systemic Risks:

• Interconnected Contract Dependencies: The project's DeFi ecosystem comprises various interdependent contracts. A malfunction or exploitation in one contract could ripple through the entire system.

• Protocol Dependency: The UniStaker Infrastructure's functionality is tightly coupled with Uniswap V3. Any significant changes or disruptions in Uniswap V3, such as upgrades or downtime, could directly impact the project's operations and user experience.

• Market Volatility and Economic Shocks: The project's reliance on certain tokens for rewards and fee payments exposes it to market volatility. Sharp price movements could affect the economic viability of staking and claiming rewards, introducing systemic risks related to user engagement and protocol sustainability.

3. Technical Risks:

• Smart Contract Vulnerabilities: Given the complexity of contracts like Upkeep.sol, Staking.sol, and others, there's a risk of bugs or vulnerabilities that could be exploited, despite thorough auditing.

By continuously monitoring these risk factors and implementing robust mitigation strategies, Unistaker can aim to ensure a secure and resilient DeFi ecosystem for its users.

k) New insights and learning of project from this audit:

From conducting this audit on the UniStaker Infrastructure project, several new insights and learnings have emerged, particularly highlighting the innovative approaches to staking, governance, and fee distribution within the Uniswap V3 ecosystem. These insights not only reflect on the technical architecture and solidity practices but also on broader DeFi governance and incentive mechanisms. Here are key takeaways:

1. Innovative Staking Mechanism: The UniStaker contract introduces a nuanced staking model where UNI token holders can earn rewards not directly in fee tokens but in another designated token. This approach diverges from traditional staking rewards mechanisms, showcasing a flexible rewards distribution model that could be adapted to different DeFi protocols seeking to optimize their tokenomics.

2. Governance Participation Preserved: The introduction of the DelegationSurrogate contract is a clever solution to a common problem faced by token stakers - the potential loss of governance rights. By enabling stakers to delegate their voting power while their tokens are staked, the project ensures active governance participation, reinforcing the decentralized ethos of Uniswap.

3. Fee Distribution and Incentive Alignment: The V3FactoryOwner contract's mechanism to allow any entity to claim protocol fees by paying a designated token amount introduces a competitive model for fee collection. This could potentially create a new dynamic within the Uniswap ecosystem, where third parties actively participate in the protocol's economy, aligning incentives across the board.

4. Smart Contract Modularity and Interoperability: The project showcases a modular approach to smart contract development, with distinct contracts handling specific functionalities (staking, governance delegation, fee collection). This design promotes reusability and interoperability within the DeFi space, where components of one protocol could be integrated into another with minimal friction.

This audit has not only provided a deeper understanding of the UniStaker Infrastructure project's technical and economic designs but also inspired considerations for future DeFi projects in terms of governance participation, incentive alignment, and the balance between decentralization and administrative control.

Note: I didn't tracked the time, the time I mentioned is just an estimate

Time spent:

5 hours