XUSD Stable - Smart Contract Audit Report
Summary
XUSD Stable intends to launch a partially-collateralized and partial-algorithmic stablecoin protocol. .
We audited XUSD's contracts deployed at the addresses below.
Partial-Collateralization of the Stablecoin:
- The XUSD token is backed partially via deposited collateral, and partially by a supply-based algorithm similar to ESD and DSD. This system of partial collateralization is meant to decrease the instabilities found in purely algorithmic stablecoin projects.
- The proportion the token is backed by collateral (vs. the algorithm) depends on the current price of the coin in proportion to its peg, the U.S. Dollar. The collaratel-backing as a percentage decreases when the XUSD price exceeds its peg; and vice versa.
- Anyone can call refreshCollateralRatio() to update the current collateralizaiton rate.
Token Contracts:- There is a 0.7% fee charged upon minting of XUSD and a 0.3% fee when redeeming XUSD. The development team has the ability to change these values to any amount. These fees are sent to the XUSDFeePool contract which will be controlled by the timelock.
- Addresses granted the Pools role have the ability to mint and burn tokens.
- The Owner and Governance address have the power to add & remove collateral and reward pools. Reward rates can be updated as well.
- The Owner and Governance also have the ability to set the redemption and minting fees, the price target in USD, the address of the XUS/XUSD tokens, oracles, timelock, and controller; the cooldown for refreshing collaterization rates, the price band for determing rates, and set an address as the new owner.
- Finally, the Owner and Goverannce also have the ability to pause the usage of the collaterization ratio.
Governance:- In addition to the XUSD stablecoin, the project also offers XUS token, which is a governance token for the platform.
- After setting up the platform, the development team intends to renounce ownership and move the controls behind the timelock contract to a multi-signature address. The community would then vote on proposals using XUS and the team implement them through the multi-signature timelock.
- The timelock contract requires between 2 and 30 days pass between queing and executing a transaciton. The contract can execute arbitrary transactions.
Staking:- Users can stake various assets and LP tokens in pool contracts in order to earn XUS. Users must stake for a minimum of 1 block to prevent flash loan attacks; though this minimum period can be updated by the owner to any amount at any time.
- User reward rates can be changed by the development team; they intend to lower them over time.
- 4% of staking rewards are sent to dev address upon withdrawing. The owner or governance can update this fee (and its destination) to any amount.
- The owner can set the duration of staking reward periods, the reward rate, and the boost (based on collateralization) at any time; though the boost rate cannot be negative. The owner also has the ability to pause staking; however withdraws can never be paused.
- The owner has the ability to transfer arbitrary tokens accidentally sent to the staking pools; the staking token cannot be transfered (or updated) by the team.
- Finally, the owner can also set the bonus rate (default of 0.75%) and the redemption delay period at any time.
Security Practices:- The project utilizes Chainlink Price feeds to obtain the latest real-world prices for DAI and UDSC in U.S. Dollars.
- The project also uses Uniswap's Time-Weighted Average Price (TWAP) mechanism in order to obtain recent prices of XUSD and XUS in U.S. Dollars.
- Both of these implementations are flash loan resistant.
- Usage of ReentrancyGuard in applicable functions to prevent re-entrancy attacks.
- Utilization of SafeMath to prevent overflows and ensure safe transfers. The tokens also properly follow the ERC20 standard.
Audit Findings Summary:- No security issues from outside attackers were identified.
- Ownership is currently set to the deployer's address. The owner address on the Collateral Pools is not publicly readable.
- Until a multi-sig wallet with trusted parties is set up behind the timelock, users must place trust in the project team; as many of the important variables in the ecosystem can be modified by the Owner/Governance.
- Date: January 16th, 2021 (Will be updated if the team shares changes in ownership structure)
External Threats - Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | Chainlink + Uniswap TWAP 👍 | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |