[UNI-V2-USDC-ETH] ERC20 Token Smart Contract Technical Assessment

hexonaut · November 5, 2020, 10:30pm

[UNI-V2-USDC-ETH] ERC20 Token Smart Contract Technical Assessment

General Information

Symbol : UNI-V2
Address(es) :
- UniswapV2Pair: 0xB4e16d0168e52d35CaCD2c6185b44281Ec28C9Dc
Deployment Date :
- UniswapV2Pair: May-05-2020 08:22:25 PM +UTC
Total supply : 10900782949697088415 WAD (10.9 units)
Developers allotment : None
Collateral Onboarding Application: [UNI-V2-USDC-ETH] Uniswap V2 USDC-ETH Liquidity Token Collateral Application
Project website : https://app.uniswap.org/
Github repository :
- https://github.com/Uniswap
Can use existing MCD collateral type adapter?
Partially, the standard GemJoin adapter works if you ignore rewards. A custom gem join adapter is required to distribute UNI rewards.

Risk Summary

Does the contract implement the ERC20 token standards? Yes.
Risk analysis : MEDIUM.

Technical Information

Compiler version : v0.5.16+commit.9c3226ce
Decimals : 18
Overflow checks : Yes, the contract uses the SafeMath library for uint operations.
Mitigation against allowance race-condition : No.
Upgradeable contract patterns : No.
Access control or restriction lists : No.
Non-standard features or behaviors : No.

Formal Verification Considerations:

Does transfer have simple semantics? Yes.
Does transferFrom have simple semantics? Yes.
Can balances be arbitrarily modified by some actor? No.
Are there any external calls? No.

Testnet Information

Uniswap is deployed on Ropsten, Rinkeby, Gorli and Kovan. List of relevant addresses here.

Contract Logic Summary

Administrative Addresses

Fee Setter: 0x5e4be8Bc9637f0EAA1A755019e06A68ce081D58F
- Fee setter can turn fees on and off and set the target address that recieves fees. This address is controlled by Uniswap Governance and is behind a time lock of 48 hours.

Inheritance Structure

UNI-V2-USDC-ETH uses custom minting/burning logic in UniswapV2Pair which extends UniswapV2ERC20.

Other

UniswapV2ERC20 also implements permit for gasless transactions.

Contract Risk Summary

This is a medium risk contract. The ERC20 functions are implemented to industry standard, there are checks to prevent over/underflows, and the contract is non-upgradeable. Uniswap LP tokens are very safe by themselves. The risk comes from the underlying tokens. ETH is safe, but USDC has centralized access controls. Overall the technical risk is about the same as the risk from just USDC.

Supporting Materials

Architecture Diagram

Inheritance Diagram

Sūrya’s Description Report

Files Description Table

File Name	SHA-1 Hash
UniswapV2Pair-All.sol	f5e7366252c794b5fe2bf7bd2c1ce82240138de2

Contracts Description Table

Contract	Type	Bases
└	Function Name	Visibility	Mutability	Modifiers

IUniswapV2Pair	Interface
└	name	External		NO❗️
└	symbol	External		NO❗️
└	decimals	External		NO❗️
└	totalSupply	External		NO❗️
└	balanceOf	External		NO❗️
└	allowance	External		NO❗️
└	approve	External		NO❗️
└	transfer	External		NO❗️
└	transferFrom	External		NO❗️
└	DOMAIN_SEPARATOR	External		NO❗️
└	PERMIT_TYPEHASH	External		NO❗️
└	nonces	External		NO❗️
└	permit	External		NO❗️
└	MINIMUM_LIQUIDITY	External		NO❗️
└	factory	External		NO❗️
└	token0	External		NO❗️
└	token1	External		NO❗️
└	getReserves	External		NO❗️
└	price0CumulativeLast	External		NO❗️
└	price1CumulativeLast	External		NO❗️
└	kLast	External		NO❗️
└	mint	External		NO❗️
└	burn	External		NO❗️
└	swap	External		NO❗️
└	skim	External		NO❗️
└	sync	External		NO❗️
└	initialize	External		NO❗️

IUniswapV2ERC20	Interface
└	name	External		NO❗️
└	symbol	External		NO❗️
└	decimals	External		NO❗️
└	totalSupply	External		NO❗️
└	balanceOf	External		NO❗️
└	allowance	External		NO❗️
└	approve	External		NO❗️
└	transfer	External		NO❗️
└	transferFrom	External		NO❗️
└	DOMAIN_SEPARATOR	External		NO❗️
└	PERMIT_TYPEHASH	External		NO❗️
└	nonces	External		NO❗️
└	permit	External		NO❗️

SafeMath	Library
└	add	Internal
└	sub	Internal
└	mul	Internal

UniswapV2ERC20	Implementation	IUniswapV2ERC20
└		Public		NO❗️
└	_mint	Internal
└	_burn	Internal
└	_approve	Private
└	_transfer	Private
└	approve	External		NO❗️
└	transfer	External		NO❗️
└	transferFrom	External		NO❗️
└	permit	External		NO❗️

Math	Library
└	min	Internal
└	sqrt	Internal

UQ112x112	Library
└	encode	Internal
└	uqdiv	Internal

IERC20	Interface
└	name	External		NO❗️
└	symbol	External		NO❗️
└	decimals	External		NO❗️
└	totalSupply	External		NO❗️
└	balanceOf	External		NO❗️
└	allowance	External		NO❗️
└	approve	External		NO❗️
└	transfer	External		NO❗️
└	transferFrom	External		NO❗️

IUniswapV2Factory	Interface
└	feeTo	External		NO❗️
└	feeToSetter	External		NO❗️
└	getPair	External		NO❗️
└	allPairs	External		NO❗️
└	allPairsLength	External		NO❗️
└	createPair	External		NO❗️
└	setFeeTo	External		NO❗️
└	setFeeToSetter	External		NO❗️

IUniswapV2Callee	Interface
└	uniswapV2Call	External		NO❗️

UniswapV2Pair	Implementation	IUniswapV2Pair, UniswapV2ERC20
└	getReserves	Public		NO❗️
└	_safeTransfer	Private
└		Public		NO❗️
└	initialize	External		NO❗️
└	_update	Private
└	_mintFee	Private
└	mint	External		lock
└	burn	External		lock
└	swap	External		lock
└	skim	External		lock
└	sync	External		lock

Legend

Symbol	Meaning
	Function can modify state
	Function is payable