Centrifuge - K42's results

The institutional ecosystem for on-chain credit.

General Information

Platform: Code4rena

Start Date: 08/09/2023

Pot Size: $70,000 USDC

Total HM: 8

Participants: 84

Period: 6 days

Judge: gzeon

Total Solo HM: 2

Id: 285

League: ETH

Researcher Performance

Rank: 60/84

Findings: 1

Award: $34.69

Analysis: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

34.6879 USDC - $34.69

Labels

analysis-advanced
grade-b
low quality report
A-08

Advanced Analysis Report for Centrifuge by K42

Overview

  • From my time looking into Centrifuge: Centrifuge is an institutional platform for on-chain credit, focusing on Real-World Assets. It operates on a hub-and-spoke model, connecting Centrifuge Chain with various L1 and L2 solutions. The system is designed for asynchronous operations, using epochs for investment and redemption.

Understanding the Ecosystem:

Data Structures of note:

  • InvestmentManager: Manages pool creation, tranche deployment, and investments.
  • PoolManager: Manages currency bookkeeping and tranche tokens.
  • Gateway: Encodes and decodes messages for inter-chain communication.

Key Contracts:

Data Structures:

InvestmentManager.sol:

  • Purpose: Manages investment logic.
  • Libraries Used: SafeMath, SafeTransfer.

PoolManager.sol:

  • Purpose: Manages pools and tranches.
  • Libraries Used: SafeTransfer.

Modifiers:

  • Uses the ward pattern for authentication.

Security:

  • Timelock mechanisms in place via Root.delay.
  • Pause functionality via PauseAdmin.

Architecture Recommendations:

  • Implement circuit breakers for emergency stops.
  • Add more robust validation for message parsing in Gateway.
  • Consider rate-limiting for sensitive operations.

Centralization Risks:

  • Root contract has overarching control.
  • PauseAdmin can instantaneously pause the protocol.

Mechanism Review:

  • Asynchronous operations via epochs.
  • Multi-currency support with normalization to 18 decimals.
  • Message passing for inter-chain communication.

Systemic Risks:

  • Specific asynchronous operations present could lead to timing attacks.

Specific Risks and Mitigations I noticed:

InvestmentManager:

  • Risks: No checks for zero addresses.
  • Mitigations: Add require statements for address validation.

PoolManager:

  • Risks: Potential for front-running in public functions.
  • Mitigations: Implement commit-reveal scheme.

Areas of Concern

  • Centralization risks due to Root and PauseAdmin.

Recommendations

  • Implement more granular permission levels.
  • Add more extensive event logging for key operations.
  • Consider implementing a DAO for protocol governance.

Conclusion

  • Centrifuge presents a complex but well-structured approach to on-chain credit involving RWAs. While the architecture is robust, it is not without its risks, particularly around centralization and potential timing attacks.

Time spent:

8 hours

#0 - c4-pre-sort

2023-09-17T02:08:00Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-09-17T02:20:39Z

raymondfam marked the issue as low quality report

#2 - c4-judge

2023-09-26T17:15:54Z

gzeon-c4 marked the issue as grade-b
