- Reviewed by: @mkflow27
- Checked by: @danielmkm
- Deployed at:
- Audit report(s):
sDOLA is a yield-bearing stablecoin structured as an ERC-4626 wrapper around a DOLA Savings Account (DSA) contract that continuously streams DOLA Borrowing Rights rewards to staked DOLA and auto-compounds them. The Rate provider exposes the convertToAssets
of sDOLA via a getRate()
function and makes the rate consumable by Balancer pools.
Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use.
- Implements the
IRateProvider
interface. -
getRate
returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals.
Each of the items below represents a common red flag found in Rate Provider contracts.
If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider.
-
The Rate Provider is upgradeable (e.g., via a proxy architecture or an
onlyOwner
function that updates the price source address). -
Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price).
-
Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes).
-
Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price).
- The Rate Provider is susceptible to donation attacks.
The price is dependent on evaluation of totalAssets()
which also evaluates the balance of DolaSavings
in the [sDOLA
] contract by reading it via balanceOf()
.
uint actualAssets = savings.balanceOf(address(this)) - remainingLastRevenue - weeklyRevenue[week];
By sending DolaSavings
to the sDOLA
contract, the price can be influenced by a donation.
To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users.
Summary judgment: SAFE
This Rate Provider should work well with Balancer pools. The Rate Provider and downstream contracts not being upgradeable decrease the potential attack surface and make the Rate Provider immutable.