Ethena Labs - invitedtea's results

Analysis - Ethena Labs

By InvitedTea | @invitedTea | Oct 28 2023

Summary

1. Overview

A delta-neutral stablecoin protocol with sustainable yield

Ethena is a DeFi platform that introduces a delta-neutral stablecoin named USDe. It offers users the dual benefit of minting or redeeming USDe and simultaneously earning a sustainable yield through mechanisms like Ethereum staking and perpetual position hedging.

Through its distinctive approach, Ethena bridges the space between traditional stablecoin systems and yield generation in the DeFi landscape. Leveraging the power of the EIP712 signature system and a robust backend infrastructure, it ensures that users can transact securely while maintaining the integrity of their funds and rewards.

2. Approach taken in evaluating the codebase

• Preliminary analysis: I read the Ethena README.md file and took the following notes:

• The Ethena learnings:

  • Ethena introduces a unique DeFi platform that focuses on a delta-neutral stablecoin named USDe.
  • Users can both mint and redeem USDe, and also earn a sustainable yield through various mechanisms.
  • Ethena leverages EIP712 signatures and backend checks to ensure secure transactions.
  • The documentation detailed concerns about potential vulnerabilities, indicating a comprehensive approach to auditing.

• Areas to focus:

  • Loss of user funds.
  • Overproduction of USDe.
  • Bugs affecting staked and reward funds.
  • Integrity of EIP712 signatures.

• High-level overview: I analyzed the overall codebase in one iteration to obtain a high-level understanding of the code structure and functionality.

• Documentation review: I studied the documentation to comprehend the purpose of each function, its functionality, and how it interacts with other parts of the system.

• Literature review: I read previous audits and known findings to understand any historical vulnerabilities or issues.

• Testing setup: I set up my testing environment and ran preliminary tests to confirm that all tests passed. I utilized tooling specific to Ethereum contracts for testing.

  • Test minting and redeeming functions
  • Test EIP712 signature validations

• Detailed analysis: I initiated a detailed analysis of the codebase, examining it line by line. I meticulously took notes to formulate questions for the development team. I utilized @audit tags to identify and flag potentially vulnerable or weak parts in the codebase. I then proceeded with in-depth analyses, performing all necessary unit and fuzz tests to ensure the protocol operates as intended.

2.1 Learnings

Ethena emerges as a pioneering DeFi platform with its focus on offering a delta-neutral stablecoin named USDe. It not only allows users to mint and redeem this stablecoin but also provides them with a sustainable yield. Ethena's unique contributions to the DeFi space include:

• Delta-Neutral Stablecoin: Ethena's innovation is in its delta-neutral stablecoin, USDe, which aims to bring stability and yield to the DeFi ecosystem. This unique feature marks a new avenue in stablecoin design, merging the worlds of stability and yield generation.

• Secure Minting and Redeeming: Ethena's use of EIP712 signatures and backend checks ensure that minting and redeeming operations are secure and reliable. This signifies Ethena's commitment to maintaining a robust and secure transactional environment for its users.

• Sustainable Yield Generation: Ethena's USDe allows users to earn a sustainable yield through mechanisms like Ethereum staking and perpetual position hedging. This balances the need for stability with the desire for yield, encapsulating Ethena's vision of a DeFi ecosystem that offers the best of both worlds.

• Delegated Signers and Governance: The system allows for delegated signers, making it flexible for users who trade via smart contracts. The governance model, controlled by Ethena DAO, ensures that the protocol can evolve and adapt to the community's needs.

Core contract components

• USDe.sol: This is the main USDe token stablecoin contract. It grants another specified contract the ability to mint USDe. It uses libraries like @openzeppelin/ERC20Burnable.sol, @openzeppelin/ERC20Permit.sol, and @openzeppelin/Ownable2Step.sol.

• EthenaMinting.sol: This contract handles both the minting and redemption of USDe tokens. The USDe.sol contract grants this contract the ability to mint the stablecoin. It uses the @openzeppelin/ReentrancyGuard.sol library for added security against re-entrancy attacks.

• StakedUSDe.sol: An extension of ERC4626, this contract allows users to stake USDe tokens and receive stUSDe, which increases in value as Ethena deposits protocol yield into the contract. Libraries used include @openzeppelin/ReentrancyGuard.sol, @openzeppelin/ERC20Permit.sol, and @openzeppelin/ERC4626.sol.

• StakedUSDeV2.sol: This contract extends StakedUSDe and adds a redemption cooldown feature, enhancing the security and operation of redemptions.

• USDeSilo.sol: This is a simple contract used to temporarily hold USDe tokens during the redemption cooldown period, ensuring that the tokens are secure and isolated during this time.

• SingleAdminAccessControl.sol: EthenaMinting uses this for access control instead of the standard OpenZeppelin AccessControl. This contract manages the permissions for admin functionalities within the EthenaMinting contract.

3. Architecture Recommendations

After a comprehensive review of the Ethena codebase and its underlying architecture, I propose the following architectural improvement recommendations:

Simplify Minting and Redeeming Processes

The EthenaMinting.sol contract is central to minting and redeeming USDe tokens. To optimize:

• Streamline the minting and redeeming functions to reduce complexity and potential points of failure.
• Consider implementing more modular code structures for easier future upgrades and maintenance.

Improve Staking and Yield Mechanisms

The contracts StakedUSDe.sol and StakedUSDeV2.sol focus on staking and yield generation.

• Enhance interactions between these contracts to reduce gas costs and improve efficiency.
• Evaluate additional yield-generation strategies to offer more diverse options for users.

Secure Access Control

With the use of SingleAdminAccessControl.sol for access management, it's crucial to ensure robust security.

• Consider implementing role-based access control to diversify permissions and responsibilities.
• Implement monitoring tools to alert for any unauthorized changes or interactions with administrative functions. Keybox.AI offer onchain smart contract acitivities monitor, which helps project get protected.

Support for Advanced Features

Given that Ethena is a pioneering platform in the DeFi space, it might look to add more features in the future, such as:

• Mechanisms for governance proposals and voting, expanding on the protocol's decentralized nature.
• Additional token support or bridges to other blockchain networks to extend Ethena's reach and utility.

Comprehensive Audit

Due to the complex and interconnected nature of the contracts—especially those related to minting, redeeming, and staking—a comprehensive third-party audit would greatly enhance the protocol's security posture. This audit should focus particularly on these core components and any potential vulnerabilities related to them.

4. Codebase Quality Analysis

1. Magic Numbers & Constants: The contracts generally avoid the use of magic numbers, opting instead for named constants or variables. This enhances code readability and should be maintained.
2. Error Messages: require statements in the contracts include error messages, but these could be more descriptive to provide better insights for both users and developers.
3. Naming Conventions: The code largely adheres to Solidity's naming conventions. Consistency in naming across all contracts will improve code maintainability.
4. Input Validation: Input validation is performed in key functions, which is a positive aspect. Additional checks could be implemented to handle edge cases more robustly.
5. Gas Optimization: The use of OpenZeppelin's ReentrancyGuard is good for security, but further gas optimization, especially in functions like staking and minting, could be beneficial.
6. Immutability: Consider using immutable variables for parameters that are not intended to change after contract deployment. This could save gas and improve security.
7. Contract Decomposition: Some contracts, like EthenaMinting.sol, have multiple responsibilities. Breaking these down into smaller, specialized contracts could make the codebase more maintainable.
8. Access Control: The SingleAdminAccessControl.sol contract handles access control. More granular, role-based access control could enhance the system's security.
9. Staking Mechanisms: The presence of StakedUSDeV2.sol suggests that the staking mechanism has undergone iterations. Ensuring backward compatibility and smooth upgrades will be crucial.
10. Reentrancy Protection: The contracts use ReentrancyGuard to protect against reentrancy attacks. This should be consistently applied across all contracts where needed.
11. Use of Libraries: The contracts make good use of OpenZeppelin libraries for ERC standards and other security features, which is commendable.
12. Solidity Features: Written in Solidity 0.8.19, the contracts take advantage of its built-in features like automatic overflow and underflow checks. Further utilization of the language's native functionalities could optimize the code.

5. Mechanism Insights

Ethena distinguishes itself as a highly specialized DeFi platform, focusing on minting, staking, and yield generation. The platform appears to have been designed with several unique mechanisms to ensure a seamless and secure user experience.

Noteworthy Mechanisms in the Ethena Protocol:

Single-Administrator Access Control

Utilizing a simplified access control mechanism through SingleAdminAccessControl.sol, Ethena makes sure that access to crucial contract functionalities is tightly controlled, enhancing the system's security.

Minting and Redeeming Mechanics

The EthenaMinting.sol contract serves as the core of the platform's minting and redeeming functionalities. Its design seems to prioritize both security and efficiency, providing a robust foundation for the protocol.

Staking and Yield Generation

With contracts like StakedUSDe.sol and StakedUSDeV2.sol, Ethena has introduced an innovative approach to staking and yield generation. These contracts aim to provide users with a dynamic way to earn returns on their staked assets.

Minimal Dependencies

By leveraging well-known libraries like OpenZeppelin for standard functionalities, the protocol keeps external dependencies minimal. This reduces the attack surface and minimizes the impact of vulnerabilities in third-party code.

Input Validation and Reentrancy Protection

The contracts employ rigorous input validation and make use of OpenZeppelin's ReentrancyGuard to protect against reentrancy attacks, highlighting the protocol's focus on security.

Forward Compatibility

The introduction of StakedUSDeV2.sol suggests that the protocol is designed with upgradability in mind, allowing for the implementation of new features or improvements without disrupting existing functionalities.

6. Systemic Risks

Protocol Vulnerabilities

After an in-depth analysis of Ethena's codebase, several potential vulnerabilities and risks have been identified. These concerns could affect both the technical and operational aspects of the protocol.

Minting and Redemption Mechanisms

The EthenaMinting.sol contract is pivotal for the platform's minting and redeeming functionalities. Any security vulnerabilities in this contract could have severe implications. Additionally, the protocol's limited collateral for hot redemptions ($100k-$200k) could pose liquidity risks. On-chain mint and redeem limitations, along with the introduction of GATEKEEPER roles, add another layer of complexity and potential risks, such as centralization and monitoring effectiveness.

Complexity in Staking Contracts

Contracts like StakedUSDe.sol and StakedUSDeV2.sol introduce complexity with their staking mechanisms. Vulnerabilities in these contracts could jeopardize staked assets.

Access Control and Monitoring

The SingleAdminAccessControl.sol and GATEKEEPER roles manage crucial access controls and monitoring. Their centralized nature makes them single points of failure, putting the entire system at risk if compromised. Specifically, the SingleAdminAccessControl.sol contract could be a risk factor due to its sole control over key functionalities.

Upgradability and Backward Compatibility

The presence of StakedUSDeV2.sol suggests plans for future upgrades. Ensuring seamless backward compatibility during such transitions will be crucial.

Systemic Risks as per Codebase Analysis

• The protocol employs custom access control logic, which needs thorough scrutiny to ensure its robustness and security.

• The SingleAdminAccessControl.sol contract and GATEKEEPER roles could be potential risk factors due to their central roles in access control and monitoring. Their permissions and functionalities should be carefully reviewed.

• Contrary to earlier observations, the protocol does have emergency mechanisms through the GATEKEEPER roles, but these introduce their own set of risks related to centralization and effective monitoring.

• None of the contracts have a fallback or receive function to manage unexpected or accidental Ether transfers, resulting in the risk of trapped Ether.

• The protocol's dependency on external services like AWS for its GATEKEEPER roles could introduce additional vulnerabilities and dependencies.

7. Time spent on analysis

24 Hours

Time spent:

24 hours