JonesDAO Vaults

Smart Contract Audit Report

Audit Summary

JonesDAO is creating a new platform which enables users to stake GLP and stable tokens into Vaults to earn rewards.

For this audit, we reviewed the JonesDAO GLP Vault contracts at commit 48e299c6b865fd802b7aca0c0e11ff87b0a144d7 on the team's private GitHub repository.

The latest audit report for the JonesDAO GLP Vault contracts can be viewed here.

Audit Findings

All findings have been resolved, though some centralized aspects are present.
Date: December 30th, 2022.
Updated: January 18th, 2023 to reflect changes from commit 772974f410279d00c0ad9a7c596ef6b4eed4470b to commit 48e299c6b865fd802b7aca0c0e11ff87b0a144d7.

Finding #1 - JonesGlpVaultRouter - Low (Resolved)

Description: When a user attempts to redeem a GLP amount that is greater than the Strategy contract's underlying GLP balance, the user does not receive any GLP but their shares are still burned.
Risk/Impact: Users may attempt to redeem their GLP based on the Vault's previewRedeem() result, but will not receive any funds from their redemption and lose their shares.
Recommendation: A GLP redemption should revert if the Strategy does not have a sufficient underlying GLP balance.
Resolution: The team has implemented the above recommendation.

Contracts Overview

• As the GmxRewardRouter, GMXVault, and GlpManager, and Price Oracle contracts used for reward accrual and pricing are not included in the scope of this audit, we are unable to provide an assessment with regards to security or functionality.
• As the contracts are implemented with Solidity v0.8.0, they are safe from any possible overflows/underflows.

JonesGlpVault Contract:

• This contract implements ERC-4626 functionality to allow users to deposit GLP in exchange for shares.
• When GLP is deposited, the depositor is minted shares to represent their share of the total GLP of the Vault.
• When withdrawing, shares are redeemed for their GLP value.
• Only Operators can deposit and withdraw from the Vault.
• The Operator is intended to be set as the JonesGlpVaultRouter, which is used to facilitate all interactions with the Vault.
• An Operator can burn any amount of shares from any user at any time.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can grant or revoke the Operator Role and Borrower Role from any address at any time.
• A Borrower can execute a "borrow" at any time, which withdraws any specified amount of the Vault's assets at any time.
• A Borrower can execute a "repayment" at any time, which deposits their assets back into the Vault.
• The Borrower Role is intended to be granted to the JonesGlpLeverageStrategy leverage contract.
• The Governor can pause borrowing functionality at any time.
• The Governor can update the Price Oracle used to calculate the USD value of the Vault at any time.
• The Governor can update the associated Strategy address at any time.

JonesGlpStableVault Contract:

• This contract contains similar functionality to the JonesGlpVault contract, implementing ERC-4626 functionality to allow users to deposit Stable tokens in exchange for shares.
• When Stable tokens are deposited, the depositor is minted shares to represent their share of the total stable tokens of the Vault.
• When withdrawing, shares are redeemed for their stable token value.
• Only Operators can deposit and withdraw from the Vault.
• The Operator is intended to be set as the JonesGlpVaultRouter, which is used to facilitate all interactions with the Vault.
• An Operator can burn any amount of shares from any user at any time.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can grant or revoke the Operator Role and Borrower Role from any address at any time.
• A Borrower can execute a "borrow" at any time, which withdraws any specified amount of the Vault's assets at any time.
• A Borrower can execute a "repayment" at any time, which deposits their assets back into the Vault.
• The Borrower Role is intended to be granted to the JonesGlpLeverageStrategy leverage contract.
• The Governor can pause borrowing functionality at any time.
• The Governor can update the Price Oracle used to calculate the USD value of the Vault at any time.
• The Governor can update the associated Strategy address at any time.
• An emergency withdrawal function exists, allowing the Governor to withdraw all stable tokens from the contract at any time.

JonesGlpVaultRouter Contract:

• This contract allows users to deposit and redeem GLP and Stable tokens from their respective Vaults.
• Functionality from the associated JonesGlpLeverageStrategy contract is triggered upon various interactions with this contract.
• When a user deposits GLP, it is transferred to the associated JonesGlpVault contract.
• The resulting shares from the vault are then staked into the GLP JonesGlpRewardTracker on behalf of the user.
• GLP cannot be deposited if it results in the USD value of the JonesGlpLeverageStrategy contract's total underlying GLP exceeding its maximum allowed USD value.
• The Strategy's underlying GLP balance is defined as its GLP balance that is unreserved for Stable token debt.
• The maximum allowed USD value is calculated as a percentage of the sum of the Stable Vault's balance and debt.
• The Governor can update this percentage to any amount at any time.
• Contracts cannot deposit GLP or stable tokens unless they have been whitelisted by the associated WhiteListController contract.
• As the WhiteListController was not included in the scope of this audit, we are unable to provide an assessment with regards to security or functionality.
• When redeeming GLP, the user's staked shares are withdrawn from the GLP Reward Tracker and burned.
• The GLP value of these shares are then withdrawn from the Strategy contract to this contact.
• A fee is then taken from the withdrawn amount. The fee amount is redeemed through the GmxRewardRouter contract for WETH.
• Two-thirds of the fee is transferred to the Fee Receiver address and one-third is deposited into the GLP Reward Tracker.
• The remaining GLP after fees is transferred to the user.
• Users will not be able to withdraw if the amount is greater than the Strategy contract's underlying GLP balance.
• When depositing Stable tokens, the amount is transferred into the associated JonesGlpStableVault contract.
• The resulting shares from the vault are then staked into the Stable JonesGlpRewardTracker on behalf of the user.
• The user is also marked as staked in the GlpJonesRewards contract.
• In order to withdraw Stable tokens, users must first submit a withdrawal request.
• This withdraws the user's shares from the Stable JonesGlpRewardTracker contract and stores them in this contract.
• These shares are then reserved for redemption at the time of 3 epochs from the request time.
• The length of an epoch is equivalent to one day.
• Once the epoch has been reached and has been "settled", the user can execute the withdrawal.
• Settling an epoch consists of redeeming the Stable Vault shares that were reserved for that epoch in exchange for Stable tokens.
• Only the Keeper Role can settle an epoch.
• A stable withdrawal fee is taken from the user's withdrawal amount and deposited as rewards into the Stable JonesGlpRewardTracker contract.
• A user can cancel a withdrawal request as long as its redemption epoch has not been reached.
• A user can claim any rewards earned from the Strategy contract, GlpJonesRewards contract, and both the Stable and GLP JonesGlpRewardTracker contracts at any time.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can grant or revoke the Keeper Role from any address at any time.
• The Governor can pause or emergency pause the contract at any time.
• While paused, users cannot deposit GLP or stable assets.
• While emergency paused, users cannot redeem GLP shares, redeem Stable token shares, or submit stable token withdrawal requests.
• The Governor can update the GlpJonesRewards, JonesGlpLeverageStrategy, Fee Receiver, JonesGlpVault, and JonesGlpStableVault addresses at any time.
• The Governor can update the GLP and Stable JonesGlpRewardTracker addresses at any time.
• The Governor can update the GLP withdrawal fee at any time.

JonesGlpLeverageStrategy Contract:

• This contract is used to accrue rewards on funds deposited into the platform's Stable and Glp vaults.
• This is done by staking vault funds into the GmxRewardRouter contract; as this contract was not included in the scope of the audit, we are unable to provide an assessment with regards to security or functionality.
• Whenever GLP is deposited using the JonesGlpVaultRouter contract, the funds are taken from the vault and used for "rebalancing".
• Rebalancing functionality is determined by the current "leverage", which is the ratio of the contract's GLP balance to its underlying GLP.
• If the current leverage is under the minimum threshold, meaning there is a high GLP balance compared to current stable debt, the contract borrows Stable tokens from its Vault and stakes it into the GmxRewardRouter.
• If the current leverage is greater than the maximum threshold, the contract unstakes stable tokens from the GmxRewardRouter and returns the resulting Stable tokens to its Vault.
• The amount to borrow or repay is determined by the required amount to reach the contract's "target leverage".
• A rebalance also occurs on GLP redemptions if this contract has any underlying GLP.
• A GLP redemption will fail if the contract does not have a sufficient underlying GLP balance to supply the redemption amount.
• When rewards are claimed, this contract claims its rewards from the GmxRewardRouter contract and distributes them using the JonesGlpRewardDistributor and JonesGlpRewardsSplitter contracts.
• Only an Operator can trigger Strategy functionality that is intended to be executed on deposits, withdrawals, and claims.
• Only the JonesGlpVaultRouter contract is intended to be set as an Operator.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can grant or revoke the Keeper and Operator Roles from any address at any time.
• The Keeper Role can execute a rebalance at any time.
• The Governor can liquidate at any time, which redeems this contract's GLP for stable tokens through the GmxRewardRouter contract and uses it to repay its stable debt.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can withdraw the contract's GLP balance to any address at any time.
• The Governor can transfer the contract's staked balances in the GmxRewardRouter to any address at any time.
• The Governor can update the minimum, maximum, and target leverages at any time.

GlpJonesRewards Contract:

• This contract is used to distribute collected reward tokens over time to users who have staked Stable tokens.
• When the contract receives reward tokens for distribution, they are distributed over a period defined by the Governor.
• If reward distribution is already occurring, the existing rewards left to be distributed are added to the newly received amount and the new total is distributed over the defined period.
• The Governor can update the period of which received rewards are distributed over at any time.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can grant or revoke the Operator Role from any address at any time.

JonesGlpRewardTracker Contract:

• This contract is used by the JonesGlpVaultRouter to stake GLP and Stable Vault share tokens for rewards.
• Only the Operator contract can stake, withdraw, claim, and deposit rewards. The Operator is intended to be set to the JonesGlpVaultRouter contract.
• Fees taken from Stable and GLP redemptions are transferred to this contract to be distributed for rewards.
• The GLP JonesGlpRewardTracker contract's rewards are accrued in the form of WETH, and the Stable JonesGlpRewardTracker contract's rewards are accrued in the form of Stable tokens.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can grant or revoke the Operator Role from any address at any time.
• The Governor can update the associated Router, JonesGlpRewardDistributor, and JonesGlpRewardsSwapper addresses at any time.

JonesGlpRewardDistributor Contract:

• This contract is used to distribute received WETH rewards earned from the GmxRewardRouter contract to various destinations.
• Upon receiving rewards, the portions to be distributed to the Fee Receiver, Stable JonesGlpRewardTracker, and GLP JonesGlpRewardTracker contracts is calculated by the associated JonesGlpRewardsSplitter contract.
• Fee Receiver rewards are immediately deposited to the Fee Receiver address; the JonesGlpRewardTracker rewards are stored in the contract until they are collected by the JonesGlpRewardTracker contracts.
• The Governor can transfer the Governor Role to any address at any time.
• The Governor can grant or revoke the Operator Role from any address at any time.
• The Governor can update the associated Splitter contract at any time.
• The Governor can update the Fee Receiver, StableTracker, and GlpTracker addresses at any time.

JonesGlpRewardsSplitter Contract:

• This contract is used to calculate the distribution of rewards between the Fee Receiver, Stable JonesGlpRewardTracker, and GLP JonesGlpRewardTracker contracts.
• The amount distributed to each Reward Tracker contract is determined by the platform's current leverage, utilization, and calculated reward amount for the Fee Receiver.
• The Fee Receiver's reward amount is determined by the "Jones rewards percentage" of the remaining rewards after the GLP Reward Tracker's reward amount has been calculated.
• The Governor can update the Jones rewards percentage to any value at any time.

Audit Results

Contract Source Summary and Visualizations

About SourceHat

SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!

Contact us today to get a free quote for a smart contract audit of your project!

What is a SourceHat Audit?

Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.

How Do I Interpret the Findings?

Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:

• High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
• Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
• Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
• Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.

• Go Home