Security & Audits

At Venus, our utmost dedication lies in ensuring the highest levels of security for our users. Throughout the entire Smart Contract development lifecycle, we strictly adhere to industry best practices to uphold the integrity of our platform. To further fortify our security measures, we collaborate with renowned auditing firms in the field. These partnerships enable us to conduct comprehensive security assessments of our protocol, thereby safeguarding our users' funds effectively.

The security of the Venus Protocol stands as our highest priority. Our development team, in conjunction with third-party auditors and consultants, has invested substantial efforts to create a protocol that we confidently deem safe and dependable. We prioritize transparency by making all contract code and balances publicly verifiable. Moreover, we offer a bug bounty program to security researchers who report undiscovered vulnerabilities, encouraging continuous improvement and vigilance.

We firmly believe that the true test of a smart contract's security lies in its size, visibility, and time. Consequently, we urge users to exercise caution and make independent assessments of the security and suitability of our protocol.

Audits

PendleOracle upgrade

Scope: Upgrade the current implementation of the PendleOracle contract to add support for Pendle's getPtToSyRate(). This allows yield tokens to be used as the base asset, as an alternative to using the underlying asset directly.

Detailed scope
  • Pull Request #240
  • Files:
    • contracts/oracles/PendleOracle.sol
    • contracts/interfaces/IPendlePtOracle.sol

ACMCommandsAggregator

Scope: ACMCommandsAggregator is a permissionless contract, to be deployed to the remote networks (every network except BNB Chain), to facilitate the configuration (grants and revokes) of permissions in the AccessControlManager of each network.

Detailed scope
  • Pull Request #90
  • Files:
    • contracts/Utils/ACMCommandsAggregator.sol

TwoKinksInterestRate

Scope: Develop a new interest rate model for the core pool and for the isolated pools, supporting two different kinks and therefore three different slopes. Enabled in VIP-385.

Detailed scope

Support for the Core pool

  • Pull Request #494
  • Files:
    • contracts/InterestRateModels/InterestRateModelV8.sol
    • contracts/InterestRateModels/TwoKinksInterestRateModel.sol

Support for the Isolated pools

  • Pull Request #417
  • Files:
    • contracts/TwoKinksInterestRateModel.sol

Unlist markets

Scope: Changes in the isolated pools and core contracts to support unlisting markets. Fix, in the core pool, the behaviour of borrow caps set to zero. Enabled in VIP-361.

Detailed scope

Unlist markets

  • Pull request #429 in the venus-protocol repo:
    • Change: allow Governance the logical deletion of markets from the Comptroller contract
      • contracts/Comptroller/Diamond/facets/MarketFacet.sol
      • contracts/Comptroller/Diamond/facets/PolicyFacet.sol
  • Pull request #349 in the isolated-pools repo:
    • Change: allow Governance the logical deletion of markets from the Comptroller contract
    • Files: contracts/Comptroller.sol

Fix Borrow Cap 0 Logic

  • Pull request #438 in the venus-protocol repo:
    • Change: previously, a borrow cap of 0 meant "no cap", which is error-prone. With the new logic, a borrow cap of 0 does not allow new borrows.
      • contracts/Comptroller/ComptrollerStorage.sol
      • contracts/Comptroller/Diamond/facets/PolicyFacet.sol
      • contracts/Comptroller/Diamond/facets/SetterFacet.sol

Oracle for Ether.fi LRT tokens (weETHs and weETHk) on Ethereum

Scope: Specific oracle for the tokens weETHs and weETHk on Ethereum, using under the hood an Accountant contract provided by the Ether.fi project. Enabled in VIP-355.

Detailed scope
  • Pull request #213
    • contracts/oracles/WeETHAccountantOracle.sol
    • contracts/interfaces/IAccountant.sol

VBNBAdmin: new function setInterestRateModel

Scope: Update of the VBNBAdmin contract to integrate the AccessControlManager within the setInterestRateModel function. This allows authorizing additional timelocks (not only the Normal timelock) to execute this function, so Fast-track and Critical VIPs will be able to update the interest rate model of the VBNB market. Enabled in VIP-343.

Detailed scope
  • Pull request #487
    • contracts/Admin/VBNBAdmin.sol
    • contracts/Admin/VBNBAdminStorage.sol

Oracle for sfrxETH on Ethereum

Scope: Specific oracle for the token sfrxETH on Ethereum, using under the hood the SfrxEthFraxOracle oracle provided by the FRAX project. Enabled in VIP-329.

Detailed scope
  • Pull request #191
    • contracts/oracles/SFrxETHOracle.sol

Multichain Governance

Scope: Cross-chain messaging and execution of VIPs on non-BNB chains. Integration of Multichain Governance in Venus. Enabled in VIP-330 and VIP-331.

Detailed scope
  • Pull request #21
    • contracts/Cross-chain/BaseOmnichainControllerDest.sol
    • contracts/Cross-chain/BaseOmnichainControllerSrc.sol
    • contracts/Cross-chain/OmnichainExecutorOwner.sol
    • contracts/Cross-chain/OmnichainGovernanceExecutor.sol
    • contracts/Cross-chain/OmnichainProposalSender.sol
    • contracts/Cross-chain/interfaces/IGovernananceBravoDelegate.sol
    • contracts/Cross-chain/interfaces/ITimelock.sol
    • contracts/Governance/TimelockV8.sol


Time-based contracts and seize XVS rewards

Scope: Changes in the isolated pools, core and oracle contracts to support blockchains where the block rate is not constant (e.g. Arbitrum). Add to the Core pool the feature to seize XVS rewards via VIP.

Detailed scope
  • Pull request #324 in the isolated-pools repo
    • Change: Timestamp-based Isolated lending contracts
      • contracts/JumpRateModelV2.sol
      • contracts/Lens/PoolLens.sol
      • contracts/Rewards/RewardsDistributor.sol
      • contracts/Rewards/RewardsDistributorStorage.sol
      • contracts/Shortfall/Shortfall.sol
      • contracts/Shortfall/ShortfallStorage.sol
      • contracts/VToken.sol
      • contracts/VTokenInterfaces.sol
      • contracts/WhitePaperInterestRateModel.sol
      • contracts/lib/constants.sol
  • Pull request #418 in the venus-protocol repo
    • Change: Time-based XVSVault
      • contracts/XVSVault/TimeManagerV5.sol
      • contracts/XVSVault/XVSVault.sol
      • contracts/XVSVault/XVSVaultStorage.sol
  • Pull request #128 in the oracle repo
    • Change: Add Arbitrum sequencer downtime validation for Chainlink Oracle
      • contracts/oracles/SequencerChainlinkOracle.sol
      • contracts/oracles/ChainlinkOracle.sol
  • Change: Reduce reserves with available cash
    • Pull request #414 in the venus-protocol repo
      • contracts/Tokens/VTokens/VToken.sol
    • Pull request #337
      • contracts/VToken.sol
  • Pull request #417 in the venus-protocol repo
    • Change: Seize XVS rewards
      • contracts/Comptroller/Diamond/facets/RewardFacet.sol
  • Pull request #410 (VenusProtocol/venus-protocol#410) in the venus-protocol repo
    • Change: Dynamically Set Addresses for XVS and XVSVToken
      • contracts/Comptroller/ComptrollerStorage.sol
      • contracts/Comptroller/Diamond/Diamond.sol
      • contracts/Comptroller/Diamond/facets/FacetBase.sol
      • contracts/Comptroller/Diamond/facets/RewardFacet.sol
      • contracts/Comptroller/Diamond/facets/SetterFacet.sol

VAI Controller

Scope: VAIController contract, fixing how the seized amounts during VAI liquidations are calculated, taking into account the original VAI debt plus the accrued interest. Enabled in VIP-299.

Detailed scope
  • Pull request #467
    • contracts/Tokens/VAI/VAIController.sol

XVS bridge - Mesh architecture

Scope: Enable XVS transfers between networks other than BNB Chain, for example between Ethereum mainnet and opBNB mainnet. Enabled in VIP-292.

Correlated token oracles

Scope: Set of oracles for tokens whose price is highly correlated with the price of another token. This definition includes Liquid Staked Tokens (like wstETH, weETH, WBETH, ankrBNB, BNBx, slisBNB, stkBNB), ERC-4626 tokens (like sFRAX, sfrxETH) and any token convertible to another token on-chain (like the Pendle PT tokens). WeETHOracle enabled in VIP-290. AnkrBNBOracle, BNBxOracle, SlisBNBOracle and StkBNBOracle enabled in VIP-293.

Detailed scope
  • Pull request #165
    • contracts/oracles/AnkrBNBOracle.sol
    • contracts/oracles/BNBxOracle.sol
    • contracts/oracles/OneJumpOracle.sol
    • contracts/oracles/PendleOracle.sol
    • contracts/oracles/SFraxOracle.sol
    • contracts/oracles/SFrxETHOracle.sol
    • contracts/oracles/SlisBNBOracle.sol
    • contracts/oracles/StkBNBOracle.sol
    • contracts/oracles/WBETHOracle.sol
    • contracts/oracles/WeETHOracle.sol
    • contracts/oracles/WstETHOracle.sol
    • contracts/oracles/common/CorrelatedTokenOracle.sol

Native token gateway

Scope: NativeTokenGateway contract, which facilitates the interaction (borrow, supply, repay and redeem) with markets where the underlying token is a wrapped version of the native token (for example WETH on Ethereum, or BNB on BNB Chain). Enabled in VIP-276.

Detailed scope
  • Pull request #361
    • contracts/Comptroller.sol
    • contracts/ComptrollerStorage.sol
    • contracts/Gateway/Interfaces/IVtoken.sol
    • contracts/Gateway/Interfaces/IWrappedNative.sol
    • contracts/Gateway/NativeTokenGateway.sol
    • contracts/VToken.sol
    • contracts/VTokenInterfaces.sol
  • Pull request #442
    • contracts/Tokens/VTokens/VBep20.sol
    • contracts/Tokens/VTokens/VToken.sol
    • contracts/Comptroller/Diamond/facets/MarketFacet.sol

Oracle for wstETH

Scope: Oracle for wstETH, using the wstETH/stETH exchange rate read from the stETH contract on Ethereum, assuming a 1:1 conversion rate for stETH:ETH, and converting ETH to USD using the Resilient Oracles.

Detailed scope
  • Pull request #155 in the oracle repo
    • contracts/oracles/WstETHOracle.sol

Token converters

Scope: Token converter contracts. These contracts allow the protocol to convert the income it generates into the tokens required by the Tokenomics. Enabled in VIP-245 and VIP-248.

Detailed scope
  • Pull request #9 in the protocol-reserve repo.

    • contracts/TokenConverter/AbstractTokenConverter.sol
    • contracts/TokenConverter/IAbstractTokenConverter.sol
    • contracts/TokenConverter/RiskFundConverter.sol
    • contracts/TokenConverter/XVSVaultConverter.sol
    • contracts/ProtocolReserve/RiskFundStorage.sol
    • contracts/ProtocolReserve/RiskFundV2.sol
    • contracts/ProtocolReserve/XVSVaultTreasury.sol
    • contracts/Utils/Constants.sol
    • contracts/Utils/Validators.sol
  • Pull request #35 in the protocol-reserve repo.

    • contracts/Interfaces/IConverterNetwork.sol
    • contracts/TokenConverter/AbstractTokenConverter.sol
    • contracts/TokenConverter/ConverterNetwork.sol
    • contracts/TokenConverter/IAbstractTokenConverter.sol
    • contracts/TokenConverter/RiskFundConverter.sol
    • contracts/TokenConverter/SingleTokenConverter.sol
    • contracts/Utils/ArrayHelpers.sol

XVS bridge and multichain deployment

Scope: token-bridge repository, with contracts that allow bridging XVS tokens between BNB Chain and other EVM-compatible networks, like Ethereum. They extend the OFTV2 LayerZero contracts, adding custom security rules. XVS and TokenController contracts, to be used on the destination chains (initially Ethereum mainnet, Arbitrum One, Polygon zkEVM and opBNB). Moreover, the audit scope included a new VTreasuryV8 contract, and changes in the Resilient Oracle and Isolated pools (VenusProtocol/isolated-pools#294) to make them compatible with other networks. Enabled in VIP-232.

Detailed scope

Venus Prime

Scope: Prime and PrimeLiquidityProvider contracts, to manage the eligibility of Prime tokens and the rewards distributions.

Enabled in VIP-201, VIP-202, VIP-203, VIP-206 and VIP-210. Updated in VIP-225.

Detailed scope
  • Pull request #196 in the core pool repo.

    • Prime feature:
      • contracts/Tokens/Prime/IPrime.sol
      • contracts/Tokens/Prime/Prime.sol
      • contracts/Tokens/Prime/PrimeStorage.sol
      • contracts/Tokens/Prime/PrimeLiquidityProvider.sol
    • Comptroller integration:
      • contracts/Comptroller/ComptrollerStorage.sol
      • contracts/Comptroller/Diamond/facets/PolicyFacet.sol
      • contracts/Comptroller/Diamond/facets/SetterFacet.sol
    • XVSVault integration:
      • contracts/XVSVault/XVSVault.sol
      • contracts/XVSVault/XVSVaultStorage.sol
    • Libs:
      • contracts/Tokens/Prime/libs/Scores.sol
      • contracts/Tokens/Prime/libs/FixedMath.sol
      • contracts/Tokens/Prime/libs/FixedMath0x.sol
  • Venus Prime update. Enabled in VIP-225.

    • Pull request #407
      • contracts/Tokens/Prime/IPrime.sol
      • contracts/Tokens/Prime/Interfaces/IPrime.sol
      • contracts/Tokens/Prime/Prime.sol
      • contracts/Tokens/Prime/PrimeLiquidityProvider.sol
      • contracts/Tokens/Prime/PrimeStorage.sol
      • contracts/Utils/TimeManager.sol
      • contracts/Tokens/VAI/VAIController.sol
      • contracts/Tokens/VAI/VAIControllerStorage.sol
    • Pull request #327
      • contracts/Comptroller.sol
      • contracts/ComptrollerStorage.sol
      • contracts/VToken.sol

Automatic income allocation

Scope: Changes in the VToken contracts of the Core and Isolated pools (including the VBNB market), to automatically send the interest reserves to the new ProtocolShareReserve contract, where configured rules distribute the income following the tokenomics of the project. Enabled in VIP-189, VIP-192, VIP-193 and VIP-194.

Detailed scope
  • Core pool - interest reserves:
    • Pull request: VenusProtocol/venus-protocol#262
    • Files:
      • contracts/Tokens/VTokens/VToken.sol
      • contracts/Tokens/VTokens/VTokenInterfaces.sol
      • contracts/Utils/ErrorReporter.sol
  • Harvesting BNB income:
  • Isolated pools - Liquidations & interest reserves:
  • Distribute the collected incomes - ProtocolShareReserve contract
    • Branch develop in the repo https://github.com/VenusProtocol/protocol-reserve. Last commit to consider: dfb653d2e3fe163a248bbd9f8951cd6b96b06390
    • Files:
      • contracts/ProtocolReserve/ProtocolShareReserve.sol
      • contracts/Interfaces/IIncomeDestination.sol
      • contracts/Interfaces/IPrime.sol
      • contracts/Interfaces/IProtocolShareReserve.sol
      • contracts/Interfaces/IVToken.sol
      • contracts/Interfaces/ComptrollerInterface.sol
      • contracts/Interfaces/PoolRegistryInterface.sol

Diamond Comptroller

Scope: Upgrade of the Comptroller contract in the Core pool, implementing the Diamond pattern. Enabled in the VIP-174.

Detailed scope

Code to be audited: VenusProtocol/venus-protocol#224

Last commit: 331394866b0b78ea3b65efe03931acd582d0382e

Files in the scope of the audit:

  • contracts/Comptroller/ComptrollerStorage.sol
  • contracts/Comptroller/Diamond/Diamond.sol
  • contracts/Comptroller/Diamond/facets/FacetBase.sol
  • contracts/Comptroller/Diamond/facets/MarketFacet.sol
  • contracts/Comptroller/Diamond/facets/PolicyFacet.sol
  • contracts/Comptroller/Diamond/facets/RewardFacet.sol
  • contracts/Comptroller/Diamond/facets/SetterFacet.sol
  • contracts/Comptroller/Diamond/facets/XVSRewardsHelper.sol
  • contracts/Comptroller/Diamond/interfaces/IDiamondCut.sol
  • contracts/Comptroller/Diamond/interfaces/IMarketFacet.sol
  • contracts/Comptroller/Diamond/interfaces/IPolicyFacet.sol
  • contracts/Comptroller/Diamond/interfaces/IRewardFacet.sol
  • contracts/Comptroller/Diamond/interfaces/ISetterFacet.sol
  • contracts/Lens/ComptrollerLens.sol
  • contracts/Lens/SnapshotLens.sol

BUSDLiquidator

Scope: Contract to forcibly liquidate BUSD positions after enabling the "forced liquidations" feature in the BUSD market, in VIP-191.

Detailed scope

Code to be audited: VenusProtocol/venus-protocol#362

Last commit: 592b022723740c6b7b066445f407f12253d85637

Forced liquidations in the Isolated pools

Scope: Upgrade of the Comptroller contract in the Isolated pools, adding the "forced liquidations" feature. Enabled in VIP-186.

Forced liquidations in the Core pool

Scope: Upgrade of the Comptroller contract in the Core pool, adding the "forced liquidations" feature. Enabled in VIP-172.

RiskFund and Shortfall handling

Scope: RiskFund, Shortfall and ProtocolShareReserve contracts in the isolated-pools repo. Enabled in VIP-170.

These contracts were in the scope of the audits done before the launch of Isolated Pools in VIP-134. Some upgrades were later made to these contracts, and a new round of audits was done focused on these changes.

Peg Stability Module (PSM)

Scope: Peg Stability Module contract for VAI/USDT. Enabled in VIP-157.

Oracles upgrade (2023/07/24)

Scope: Upgrade of the Resilient Price Feeds, enabled on VIP-145.

Oracles

Scope: New Resilient Price Feeds, enabled on VIP-123.

Vaults

Scope: Upgrade of the XVSVault, VAIVault and VRTVault, enabled on VIP-127.

Isolated pools

Scope: Isolated pools, first enabled on VIP-134.

Automatic Income Allocation in the Liquidator contract

Scope: Integration of the Automatic Income Allocation into the Liquidator contract used in the Core pool on BNB chain.

Detailed scope
  • Pull request #241 in the venus-protocol repo.
    • contracts/Liquidator/Liquidator.sol
    • contracts/Liquidator/LiquidatorStorage.sol

Swap router

Scope: SwapRouter contract, enabled on VIP-131.

VToken

Scope: Delegate Borrowing in Venus. Upgrade of the BUSD, USDC, USDT, BTCB and ETH markets, to reduce the risks on Venus that resulted from the September 2022 BNB Bridge incident. Executed in VIP-99.