[GUNI-DAI-USDC] ERC20 Token Smart Contract Technical Assessment

General Information

Risk Summary

  • Does the contract implement the ERC20 token standards? Yes.
  • Risk analysis : LOW.

Technical Information

  • Compiler version : v0.8.4+commit.c7e474f2
  • Decimals : 18
  • Overflow checks : Yes, the contract uses solc 0.8, which includes overflow checks by default.
  • Mitigation against allowance race-condition : Yes, the contract implements increaseAllowance and decreaseAllowance to get around this issue.
  • Upgradeable contract patterns : Yes, but they are planning to disable them.
  • Access control or restriction lists : No.
  • Non-standard features or behaviors : Yes.
    • Anyone can mint or burn provided they have the underlying collateral.

Formal Verification Considerations:

  • Does transfer have simple semantics? Yes.
  • Does transferFrom have simple semantics? Yes.
  • Can balances be arbitrarily modified by some actor? No.
  • Are there any external calls? Yes, but not in the regular ERC20 functions.

Testnet Information

  • Gelato Network is deployed on Ropsten and Rinkeby. List of relevant addresses here.

Contract Logic Summary

Administrative Addresses

No administrative access once the manager is revoked.

Inheritance Structure

G-UNI uses OpenZeppelin and Uniswap V3 inheritance patterns.

Contract Risk Summary

This is a low-risk contract. The ERC20 functions are implemented to industry standard, there are checks to prevent over/underflows, and the approval race condition is correctly handled using the increaseAllowance/decreaseAllowance functions. The manager admin role has been agreed to be revoked before deployment, so there is no admin access.

Most of the risk comes from the fee reinvestment mechanism, which requires a trusted bot network (Gelato Network) to set good values to prevent front-running. Profit reinvestment is planned to occur frequently, so any attack vector will quickly be spotted and the damage will be minimal, as only the profit from the last day or so is at risk.

Supporting Materials

Architecture Diagram

Inheritance Diagram

Sūrya’s Description Report

Files Description Table

| File Name | SHA-1 Hash |
|---|---|
| contracts/GUniFactory.sol | f8a9ef1635f5f933026bf6c6a4329354932216df |
| contracts/GUniPool.sol | 7da68be25b1f36da9b727a7a8062b9b478dc52f5 |

Contracts Description Table

| Contract | Type | Bases | | |
|---|---|---|---|---|
| └ | Function Name | Visibility | Mutability | Modifiers |
| GUniFactory | Implementation | GUniFactoryStorage, IGUniFactory | | |
| └ | <Constructor> | Public :exclamation: | :stop_sign: | GUniFactoryStorage |
| └ | createPool | External :exclamation: | :stop_sign: | NO❗️ |
| └ | getTokenName | External :exclamation: | | NO❗️ |
| └ | upgradePools | External :exclamation: | :stop_sign: | onlyManager |
| └ | upgradePoolsAndCall | External :exclamation: | :stop_sign: | onlyManager |
| └ | makePoolsImmutable | External :exclamation: | :stop_sign: | onlyManager |
| └ | isPoolImmutable | External :exclamation: | | NO❗️ |
| └ | getGelatoPools | External :exclamation: | | NO❗️ |
| └ | getDeployers | Public :exclamation: | | NO❗️ |
| └ | getPools | Public :exclamation: | | NO❗️ |
| └ | numPools | Public :exclamation: | | NO❗️ |
| └ | numDeployers | Public :exclamation: | | NO❗️ |
| └ | numPools | Public :exclamation: | | NO❗️ |
| └ | getProxyAdmin | Public :exclamation: | | NO❗️ |
| └ | _getDeployer | Internal :lock: | | |
| └ | _getPool | Internal :lock: | | |
| └ | _getTokenOrder | Internal :lock: | | |
| └ | _append | Internal :lock: | | |
| GUniPool | Implementation | IUniswapV3MintCallback, IUniswapV3SwapCallback, GUniPoolStorage | | |
| └ | <Constructor> | Public :exclamation: | :stop_sign: | GUniPoolStorage |
| └ | uniswapV3MintCallback | External :exclamation: | :stop_sign: | NO❗️ |
| └ | uniswapV3SwapCallback | External :exclamation: | :stop_sign: | NO❗️ |
| └ | mint | External :exclamation: | :stop_sign: | nonReentrant |
| └ | burn | External :exclamation: | :stop_sign: | nonReentrant |
| └ | executiveRebalance | External :exclamation: | :stop_sign: | onlyManager |
| └ | rebalance | External :exclamation: | :stop_sign: | gelatofy |
| └ | withdrawManagerBalance | External :exclamation: | :stop_sign: | gelatofy |
| └ | withdrawGelatoBalance | External :exclamation: | :stop_sign: | gelatofy |
| └ | _balancesToWithdraw | Internal :lock: | | |
| └ | getMintAmounts | External :exclamation: | | NO❗️ |
| └ | getUnderlyingBalances | Public :exclamation: | | NO❗️ |
| └ | _rebalance | Private :closed_lock_with_key: | :stop_sign: | |
| └ | _withdrawAll | Private :closed_lock_with_key: | :stop_sign: | |
| └ | _withdrawExact | Private :closed_lock_with_key: | :stop_sign: | |
| └ | _deposit | Private :closed_lock_with_key: | :stop_sign: | |
| └ | _swapAndDeposit | Private :closed_lock_with_key: | :stop_sign: | |
| └ | _computeMintAmounts | Private :closed_lock_with_key: | | |
| └ | _computeFeesEarned | Private :closed_lock_with_key: | | |
| └ | _subtractAdminFees | Private :closed_lock_with_key: | | |
| └ | _checkSlippage | Private :closed_lock_with_key: | | |

Legend

| Symbol | Meaning |
|---|---|
| :stop_sign: | Function can modify state |
| :dollar: | Function is payable |