DYAD audit details

• Total Prize Pool: $36,500 in USDC

  • HM awards: $28,800 in USDC
  • QA awards: $1,200 in USDC
  • Judge awards: $3,600 in USDC
  • Lookout awards: $2,400 USDC
  • Scout awards: $500 in USDC

• Join C4 Discord to register

• Submit findings using the C4 form

• Read our guidelines for more details

• Starts April 18, 2024 20:00 UTC

• Ends April 25, 2024 20:00 UTC

Automated Findings / Publicly Known Issues

The 4naly3er report can be found here.

Note for C4 wardens: Anything included in this Automated Findings / Publicly Known Issues section is considered a publicly known issue and is ineligible for awards.

• DYAD Multisig controls most of the protocol right now.
• Unlicensing a vault can cause issues.

Overview

DYAD is the first truly capital efficient decentralized stablecoin. Traditionally, two costs make stablecoins inefficient: surplus collateral and DEX liquidity. DYAD minimizes both of these costs through Kerosene, a token that lowers the individual cost to mint DYAD.

DYAD

Contracts

core
├─ DNft — "A dNFT gives you the right to mint DYAD"
├─ Dyad — "Stablecoin backed by ETH"
├─ VaultManager - "Manage Vaults for DNfts"
├─ VaultManagerV2 - "VaultManager with flash loan protection"
├─ Vault - "Holds different collateral types"
├─ Licenser - "License VaultManagers or Vaults"
├─ KerosineManager - "Add/Remove Vaults to the Kerosene Calculation"

staking
├─ Kerosine - "Kerosene ERC20"
├─ KerosineDenominator
├─ Staking - "Simple staking contract"

periphery
├─ Payments

Deployed Contracts

All on Ethereum Mainnet

Contract	Address
DYAD	0x305B58c5F6B5b6606fb13edD11FbDD5e532d5A26
dNFT	0xDc400bBe0B8B79C07A962EA99a642F5819e3b712
Vault Manager v1	0xfaa785c041181a54c700fD993CDdC61dbBfb420f
wETH Vault	0xcF97cEc1907CcF9d4A0DC4F492A3448eFc744F6c
wstETH Vault	0x7aE80418051b2897729Cbdf388b07C5158C557A1

Migration

The goal is to migrate from VaultManager to VaultManagerV2. The main reason is the need for a flash loan protection which makes it harder to manipulate the deterministic Kerosene price. The whole migration is described in Deploy.V2.s.sol. The only transaction that needs to be done by the multi-sig after the deployment is licensing the new Vault Manager.

Links

• Previous audits: None
• Documentation: https://dyadstable.notion.site/DYAD-design-outline-v5-1-3fa96f99425e458abbe574f67b795145?pvs=4
• Website: https://www.dyadstable.xyz/
• X/Twitter: https://twitter.com/0xDYAD
• Discord: https://t.co/nzml0Wapkt

---

Scope

See scope.txt

Files in scope

File	Logic Contracts	Interfaces	SLOC	Purpose	Libraries used
/src/staking/KerosineDenominator.sol	1	****	14
/src/core/VaultManagerV2.sol	1	****	166
/src/core/Vault.kerosine.sol	1	****	62		@solmate/src/utils/SafeTransferLib.sol @solmate/src/tokens/ERC20.sol @solmate/src/auth/Owned.sol
/src/core/KerosineManager.sol	1	****	34		@openzeppelin/contracts/utils/structs/EnumerableSet.sol @solmate/src/auth/Owned.sol
/src/core/Vault.kerosine.bounded.sol	1	****	42		@solmate/src/tokens/ERC20.sol
/src/core/Vault.kerosine.unbounded.sol	1	****	60		@solmate/src/tokens/ERC20.sol @solmate/src/utils/SafeTransferLib.sol
/script/deploy/Deploy.V2.s.sol	1	****	87		forge-std/Script.sol @solmate/src/tokens/ERC20.sol
Totals	7	****	465

Files out of scope

See out_of_scope.txt

File
./script/Read.s.sol
./script/deploy/DeployBase.s.sol
./script/mock/transfer.wsteth.s.sol
./src/core/DNft.sol
./src/core/Dyad.sol
./src/core/Licenser.sol
./src/core/Vault.sol
./src/core/Vault.wsteth.sol
./src/interfaces/IAggregatorV3.sol
./src/interfaces/IDNft.sol
./src/interfaces/IDyad.sol
./src/interfaces/IStaking.sol
./src/interfaces/IVault.sol
./src/interfaces/IVaultManager.sol
./src/interfaces/IWETH.sol
./src/interfaces/IWstETH.sol
./src/params/DNftParameters.sol
./src/params/Parameters.sol
./src/periphery/Payments.sol
./src/staking/Kerosine.sol
./src/staking/Staking.sol
./test/BaseTest.sol
./test/ERC20Mock.sol
./test/OracleMock.sol
./test/Payments.t.sol
./test/Vault.wsteth.t.sol
./test/VaultManager.t.sol
./test/VaultManagerHelper.t.sol
./test/WETH.sol
./test/fork/v2.t.sol
./src/core/VaultManager.sol
Totals: 31

Scoping Q & A

General questions

Question	Answer
ERC20 used by the protocol	Kerosene, weth, wseth
Test coverage	33.64%
ERC721 used by the protocol	DNFT
ERC777 used by the protocol	None
ERC1155 used by the protocol	None
Chains the protocol will be deployed on	Ethereum

ERC20 token behaviors in scope

• The only tokens in scope are: weth, wsteth.
• Vulnerabilities related to these token behaviours are only considered valid if they actually exist in tokens which are used, i.e. Kerosene, weth, etc.

External integrations (e.g., Uniswap) behavior in scope:

Question	Answer
Enabling/disabling fees (e.g. Blur disables/enables fees)	No
Pausability (e.g. Uniswap pool gets paused)	Yes
Upgradeability (e.g. Uniswap gets upgraded)	Yes

EIP compliance

None

Additional context

Main invariants

• TVL > DYAD total supply

Attack ideas (where to focus for bugs)

• Manipulation of Kerosene Price.

• Flash Loan attacks.

All trusted roles in the protocol

DYAD Multisig: 0xDeD796De6a14E255487191963dEe436c45995813

Role	Description
DYAD Multisig	Ability to: License new Vault Manager, License new Vaults, Change the kerosene denominator contract, Add new vaults to the Kerosene Manager

Any novel or unique curve logic or mathematical models implemented in the contracts:

None

Running tests

git clone https://github.com/code-423n4/2024-04-dyad.git
git submodule update --init --recursive
cd 2024-04-dyad
forge install
forge test

To run code coverage

forge coverage

To run gas benchmarks

forge test --gas-report

Miscellaneous

Employees of DYAD and employees' family members are ineligible to participate in this audit.