XUSD Stable - Smart Contract Audit Report

Summary

XUSD Audit Report XUSD Stable intends to launch a partially-collateralized and partial-algorithmic stablecoin protocol. .

We audited XUSD's contracts deployed at the addresses below.

    Partial-Collateralization of the Stablecoin:
  • The XUSD token is backed partially via deposited collateral, and partially by a supply-based algorithm similar to ESD and DSD. This system of partial collateralization is meant to decrease the instabilities found in purely algorithmic stablecoin projects.
  • The proportion the token is backed by collateral (vs. the algorithm) depends on the current price of the coin in proportion to its peg, the U.S. Dollar. The collaratel-backing as a percentage decreases when the XUSD price exceeds its peg; and vice versa.
  • Anyone can call refreshCollateralRatio() to update the current collateralizaiton rate.

  • Token Contracts:
  • There is a 0.7% fee charged upon minting of XUSD and a 0.3% fee when redeeming XUSD. The development team has the ability to change these values to any amount. These fees are sent to the XUSDFeePool contract which will be controlled by the timelock.
  • Addresses granted the Pools role have the ability to mint and burn tokens.
  • The Owner and Governance address have the power to add & remove collateral and reward pools. Reward rates can be updated as well.
  • The Owner and Governance also have the ability to set the redemption and minting fees, the price target in USD, the address of the XUS/XUSD tokens, oracles, timelock, and controller; the cooldown for refreshing collaterization rates, the price band for determing rates, and set an address as the new owner.
  • Finally, the Owner and Goverannce also have the ability to pause the usage of the collaterization ratio.

  • Governance:
  • In addition to the XUSD stablecoin, the project also offers XUS token, which is a governance token for the platform.
  • After setting up the platform, the development team intends to renounce ownership and move the controls behind the timelock contract to a multi-signature address. The community would then vote on proposals using XUS and the team implement them through the multi-signature timelock.
  • The timelock contract requires between 2 and 30 days pass between queing and executing a transaciton. The contract can execute arbitrary transactions.

  • Staking:
  • Users can stake various assets and LP tokens in pool contracts in order to earn XUS. Users must stake for a minimum of 1 block to prevent flash loan attacks; though this minimum period can be updated by the owner to any amount at any time.
  • User reward rates can be changed by the development team; they intend to lower them over time.
  • 4% of staking rewards are sent to dev address upon withdrawing. The owner or governance can update this fee (and its destination) to any amount.
  • The owner can set the duration of staking reward periods, the reward rate, and the boost (based on collateralization) at any time; though the boost rate cannot be negative. The owner also has the ability to pause staking; however withdraws can never be paused.
  • The owner has the ability to transfer arbitrary tokens accidentally sent to the staking pools; the staking token cannot be transfered (or updated) by the team.
  • Finally, the owner can also set the bonus rate (default of 0.75%) and the redemption delay period at any time.


  • Security Practices:
  • The project utilizes Chainlink Price feeds to obtain the latest real-world prices for DAI and UDSC in U.S. Dollars.
  • The project also uses Uniswap's Time-Weighted Average Price (TWAP) mechanism in order to obtain recent prices of XUSD and XUS in U.S. Dollars.
  • Both of these implementations are flash loan resistant.
  • Usage of ReentrancyGuard in applicable functions to prevent re-entrancy attacks.
  • Utilization of SafeMath to prevent overflows and ensure safe transfers. The tokens also properly follow the ERC20 standard.


  • Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • Ownership is currently set to the deployer's address. The owner address on the Collateral Pools is not publicly readable.
  • Until a multi-sig wallet with trusted parties is set up behind the timelock, users must place trust in the project team; as many of the important variables in the ecosystem can be modified by the Owner/Governance.
  • Date: January 16th, 2021     (Will be updated if the team shares changes in ownership structure)

Name

Address

Description

XUSDStablecoin (Token)


0x1c9BA9144505aaBa12f4b126Fda9807150b88f80


Function Graph.   Inheritance Chart.

XUSDShares


0x875650dD46b60c592d5a69a6719e4e4187A3ca81


Function Graph.   Inheritance Chart.

XUSDFeePool


0x6049B0831F8da67f3FE80f5FA07BD300E8f2F22C


Function Graph.   Inheritance Chart.

Timelock


0x75061b5c168477499b3e297AdA97a1d22b72A264


Function Graph.   Inheritance Chart.

Collateral Pools Oracles


DAI: 0xf13a49Eb6b2...39bb15a38F5b32
UDSC: 0x75aAf03CBF3...7a528CFCAE8d75


DAI Function Graph.   DAI Inheritance Chart.
USDC Function Graph.   USDC Inheritance Chart.

Staking Pools


XUS/XUSD-LP: 0x608D8b1511C...fE7A62583
XUS/ETH-LP: 0x39d8189306a...B6532d63B
LINK/XUSD-LP: 0x5E20B7824f2A...219De5aa
DAI/XUSD-LP: 0x7b24E729aa3a3...b4Df934
ETH/XUSD-LP: 0xdaB209915b683...001b87A


XUS/XUSD-LP Functions.   XUS/XUSD-LP Inheritance.
XUS/ETH-LP Functions.   XUS/ETH-LP Inheritance.
LINK/XUSD-LP Functions.   LINK/XUSD-LP Inheritance.
DAI/XUSD-LP Functions.   DAI/XUSD-LP Inheritance.
ETH/XUSD-LP Functions.   ETH/XUSD-LP Inheritance.

Oracles


Uniswap ETH/XUSD: 0xA98Ce5bB71...55f89639B1
Uniswap XUS/ETH: 0x6c36E0eFb05...4b20E04a2
ChainlinkDAIUSDPriceConsumer: 0x0cD255e2f97...9097d7889
ChainlinkUSDCUSDPriceConsumer: 0xF67405E155...C2579F4682


Uniswap ETH/XUSD Functions.   Uniswap ETH/XUSD Inheritance.
Uniswap XUS/ETH Functions.   Uniswap XUS/ETH Inheritance.
ChainlinkDAIUSDPriceConsumer Functions.   ChainlinkDAIUSDPriceConsumer Inheritance.
ChainlinkUSDCUSDPriceConsumer Functions.   ChainlinkUSDCUSDPriceConsumer Inheritance.


External Threats - Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesChainlink + Uniswap TWAP 👍PASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS