Platform: Code4rena
Start Date: 21/08/2023
Pot Size: $125,000 USDC
Total HM: 26
Participants: 189
Period: 16 days
Judge: GalloDaSballo
Total Solo HM: 3
Id: 278
League: ETH
Rank: 100/189
Findings: 1
Award: $90.10
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: catellatech
Also found by: 0xSmartContract, 0xnev, K42, LokiThe5th, RED-LOTUS-REACH, Sathish9098, __141345__, bitsurfer, hunter_w3b, mark0v, nirlin, rjs, rokinot
90.0998 USDC - $90.10
Preparation
$rDPX tokenomics and Atlantic OptionsExecution
Effort 21 hours total
rDPX V2 is a complex new system involving changes to the existing rDPX token which forms part of the Dopex ecosystem. It introduces dpxETH, which is pegged to ETH in a 1:1 ratio. dpxETH will be designated as a staple collateral token for future Dopex options products. The dpxETH:ETH peg is maintained via an interplay between bonding mechanisms, backing reserves controlled via AMOs, and a peg stability module. There are dependencies on Curve Finance, Uniswap V2 and Uniswap V3 for performing some of these functions.
| Component | Notes |
|---|---|
| Peg Stability Module (PSM) | Ensures dpxETH to ETH peg on the Curve pool |
| Regular Bonding Mechanism | Deposit rDPX + ETH to mint a bond -> send rDPX/ETH to backing reserves/Curve -> burn/send rDPX as rewards -> mint ERC721 bond token |
| Delegate Bonding | Users with rDPX-only or ETH-only deposit into pool and then can use pool to perform regular bonding |
Bonding via rDPX Decaying Bond | Similar to regular bonding mechanism, but there is a maturity + redemption process involved |
| Atlantic Perpetual PUTS Options | A perpetual options pool for rDPX options which the Core Contract uses for the bonding process with 1 week epoch |
| Receipt Token | Represents dpxETH/ETH LP tokens on the curve, and are staked in Curve gauges for rewards then distributed to receipt token stakers and the Core Contract |
| Receipt Redemption | Redeemed at current ratio of the rDPX/ETH backing reserve, less redemption fee |
| AMO | Inspired by Frax's AMO but tailored for rDPX V2; modifications should be carefully reviewed |
| Component | Concern |
|---|---|
| Peg Stability Module | Is it possible to depeg dpxETH:ETH, e.g. under extreme market conditions or aggressive market manipulation? |
| Regular Bonding Mechanism | Is the bonding mechanism susceptible to economic attacks due to its reliance on market prices e.g. flash loan attacks or oracle manipulations |
| Regular Bonding Mechanism | Is liquidity a concern any where in this process, or is it fully controlled by the Dopex contracts? |
| Delegate Bonding | Are there any sequences of interactions in the delegated bonding process that result in unexpected outcomes for rDPX and ETH holders participating in the pool? |
Bonding via rDPX Decaying Bond | Do the calculations here always hold through all market and reserve conditions? Can the redemption process be brought forward or exploited? |
| Atlantic Perpetual PUTS Options | Are there surprises on the epoch boundaries? Is it possible to deny service to users by blocking collateral availability? |
| Receipt Token | Can the current ratio of the Backing Reserve in rDPX/ETH provide an exploit path to unexpected behavior elsewhere? |
| AMO | Does separating out the Decollateralize and Recollateralize into the Treasury single PSM violate any assumptions in the Frax AMO ecosystem? |
| Dependencies | Can unlikely failure in two components produce an unexpected interaction? |
Each source unit was assessed with respect to modularity, access control mechanism, centralization risks, validation completeness and documentation quality:
| Source Unit | Modularity | Access Control | Centralization | Validation | Documentation |
|---|---|---|---|---|---|
| UniV2LiquidityAmo.sol | 🟢 Good | 🟢 Role-based | 🟡 Admin-only functions | 🟢 Excellent | 🟢 Good |
| UniV3LiquidityAmo.sol | 🟢 Good | 🟢 Role-based | 🟡 Admin-only functions | 🟢 Excellent | 🟢 Good |
| RdpxV2Core.sol | 🟢 Excellent | 🟢 Role-based | 🟡 Admin-only functions | 🟢 Excellent | 🟢 Good |
| RdpxV2Bond.sol | 🟢 Excellent | 🟢 Role-based | 🟢 Standard | 🟢 Standard | 🟢 Standard |
| RdpxDecayingBonds.sol | 🟢 Excellent | 🟢 Role-based | 🟢 Standard | 🟢 Standard | 🟢 Standard |
| DpxEthToken.sol | 🟢 Excellent | 🟢 Role-based | 🟢 Standard | 🟢 Standard | ⚪ N/A |
| PerpetualAtlanticVault.sol | 🟢 Excellent | 🟢 Role-based | 🟡 Admin-only functions | 🟢 Excellent | 🟡 Basic |
| PerpetualAtlanticVaultLP.sol | 🟢 Excellent | 🟢 Creator-only | 🟢 None | 🟡 Basic | 🟡 Basic |
| ReLPContract.sol | 🟢 Excellent | 🟢 Role-based | 🟡 Admin-only functions | 🟢 Excellent | 🟡 Basic |
The PSM is entirely controlled by the Core Contract managers; if these are compromised or act maliciously, they could disrupt the peg. There could also be scenarios where the Curve pool may not have enough liquidity to correct the peg effectively.
Multiple parameters (e.g. discount factor) are set by governance. If governance is compromised or acts inefficiently, it can affect the stability of the bonding process. It is worth considering if improvements are possible to allow parameters to dynamically reflect economic conditions rather than being configured through governance.
"The APP contract admin needs to calculate the funding needs to be called for every strike before the epoch ends".
Ideally any critical processes ought to be executable directly or indirectly by the impacted users in the ordinary course of operations, to reduce centralization risks.
System parameters are set by governance and therefore pose a centralization risk. Consider splitting system parameters by role if possible.
It is possible to create a forge script that runs multiple scenarios and assumptions through the protocol and outputs graph points, when can then be rendered graphically. This would greatly improve the documentation and communicate system intention more clearly.
21 hours
#0 - c4-pre-sort
2023-09-15T15:56:59Z
bytes032 marked the issue as sufficient quality report
#1 - c4-judge
2023-10-20T10:02:09Z
GalloDaSballo marked the issue as grade-b