Ambi Lab released the "YFII Liquidity Mining Contract Security Research"; the four contracts involved did not contain fatal security vulnerabilities
yfiifinance
2020-08-04 07:16

YFII is a new decentralized DeFi mining pool. At the invitation of community partners, Ambi Lab conducted security research on the YFII smart contracts from July 27 to August 2, 2020.

The following contracts were analyzed:

  • YFII Pool 1: 0xb81D3cB2708530ea990a287142b82D058725C092

  • YFII Pool 2: 0xAFfcD3D45cEF58B1DfA773463824c6F6bB0Dc13a

  • YFII Token: 0xa1d0E215a23d7030842FC67cE582a6aFa3CCaB83

  • BPT Token: 0x16cAC1403377978644e78769Daa49d8f6B6CF565


What are YFII and YFI


What changes did YFII make compared to YFI

At present, the YFII contract code is directly forked from Yearn Finance, and minor changes have been made to support the regular halving distribution of YFII Token.

The following table shows the correspondence between the contracts involved in YFII and the YFI contracts, together with their addresses.

The YFI/YFII Token is the project's governance token contract. The two implementations are identical: a standard ERC-20 token with mint and simple governance functions.

BPT Token is the Balancer Pool Token contract, the liquidity-proof token held by market makers. It is actually created by the BFactory entry contract of the automated market maker protocol Balancer, so the two implementations are identical. The contract code was previously audited by Trail of Bits and Consensys Diligence.

Pool1 and Pool2 are liquidity mining contracts used to distribute governance tokens. Their code is implemented in the same way, both being YearnRewards contracts, and YFII's changes relative to YFI are in this contract.


Brief Analysis of YFII & YFI Core Contracts

YearnRewards, the core contract code of YFII and YFI liquidity mining, is derived from the Unipool contract of the Synthetix project, which has been audited.

The whole process of liquidity mining based on YearnRewards can be divided into the following steps:

  • Addresses with the RewardDistribution permission set the reward amount by calling the notifyRewardAmount() function of the YearnRewards contract in advance, and the corresponding amount of YFI Token should be transferred from the YFI minter to the YearnRewards contract.

  • Miners provide liquidity (usually by depositing stablecoins) to the target DeFi contract specified by the YearnRewards contract (which can be an automated market maker DEX or a lending protocol) and receive the corresponding liquidity-proof token (usually called a Pool Token). This token can be redeemed for the underlying assets and earns interest or fee income.

  • Miners deposit the Pool Token they get into the YearnRewards contract by calling the stake() function, and the contract automatically calculates the miner's rewards based on the Stake duration and the size of the miner's deposited funds in the total size of the pool.

  • Miners can withdraw their due rewards (YFI Token) and previously deposited Pool Token at any time.

Some discoveries

As mentioned earlier, YFII's code changes relative to YFI are small overall.

Two new modifiers are added to constrain the three main functions stake(), withdraw() and getReward().

A new line of code is added to the notifyRewardAmount() function. At notification time it directly makes the YFI Token contract mint the specified number of tokens to the current YearnRewards contract, to be distributed as rewards. Therefore, the Pool1 and Pool2 contracts must be minters of the YFII Token contract.

This makes YFII and YFI slightly different in the details of token distribution. In YFI, each period's rewards require a specific address to set the amount and transfer in the tokens. In YFII, apart from the notifyRewardAmount() call made before the start of the first period, output is halved automatically and periodically, triggered by user calls.

In addition, while discussing code details with community developers Madao and gaojin, Madao mentioned that the automatic halving of token output is performed by the checkhalve() function, which in practice runs only when a user interacts with the contract, so its execution time cannot be precisely controlled. When a period ends, there is a gap between the expected halving time and the actual one, and the actual halving is likely to happen later than expected.

In particular, when the contract calculates rewards, it also counts this extra time gap between the two weeks, so the reward calculated for each user is slightly higher than the expected value. Furthermore, we found that as long as this error exists, the last person to withdraw rewards from the Pool may in theory be unable to withdraw normally. This is because YFII tokens are minted to the Pool contract at the moment of halving, and because of the error above, users' book earnings in the contract exceed the amount of tokens actually minted. The error is calculated as the time difference Delta between the end time of each period and the actual time of the next halving, multiplied by the rewardRate after halving.
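The over-crediting described above, as an added Python model (not the YFII contract code and not taken from the report). It assumes a single pooled ledger in which accrual resumes from the old period end while the new period is timed from the late call; `DURATION`, the field names other than `rewardRate`, and the 10,000-token first reward are assumptions.

```python
from fractions import Fraction

DURATION = 7 * 24 * 3600  # assumed length of one reward period, in seconds

class PoolModel:
    """Pooled reward ledger; stakers are assumed present the whole time."""

    def __init__(self, start, first_reward):
        self.reward = Fraction(first_reward)   # tokens minted for the current period
        self.minted = Fraction(first_reward)   # total tokens minted to the pool so far
        self.reward_rate = self.reward / DURATION
        self.period_finish = start + DURATION
        self.last_update = start
        self.accrued = Fraction(0)             # rewards credited on the books

    def book_earnings(self, now):
        """Rewards credited to stakers as of `now` (view, no state change)."""
        t = min(now, self.period_finish)       # accrual stops at period end
        return self.accrued + (t - self.last_update) * self.reward_rate

    def interact(self, now):
        """Model of any stake()/withdraw()/getReward() call at time `now`."""
        self.accrued = self.book_earnings(now)
        self.last_update = min(now, self.period_finish)
        if now >= self.period_finish:          # checkhalve(): runs only on a user call
            self.reward /= 2
            self.minted += self.reward         # mint the halved reward to the pool
            self.reward_rate = self.reward / DURATION
            self.period_finish = now + DURATION  # new period starts at the late call

def excess_after_late_halving(delta, first_reward=10_000):
    """Return (book earnings - minted, Delta * rewardRate) after one late halving."""
    pool = PoolModel(0, first_reward)
    pool.interact(DURATION + delta)            # first call arrives `delta` s after period end
    owed = pool.book_earnings(pool.period_finish)  # all rewards credited through period 2
    return owed - pool.minted, delta * pool.reward_rate

if __name__ == "__main__":
    for delta in (0, 3600, 86400):             # constructed delays: none, 1 hour, 1 day
        excess, predicted = excess_after_late_halving(delta)
        print(delta, float(excess), float(predicted))
```

With a zero delay the books and the minted supply match exactly; any positive delay leaves the pool short by Delta times the halved rate, which is the amount the last withdrawer cannot collect.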


Handling of YFII administrator rights

YFI-like tokens all have a minting (mint) interface, and addresses with mint permission can issue additional tokens. The YFI Token also has a Governance administrator, who has the authority to add and remove minters. Ideally, these privileged addresses should be multi-sig contracts or other specialized contracts.

In addition, the YearnRewards contract has a rewardDistribution address, which is used to call the notifyRewardAmount() function to set the reward amount. The YearnRewards contract also has an owner address, which is used to set the rewardDistribution address.

At present, the practice of the YFII project is to set the YFII Token Governance administrator and the rewardDistribution of Pool1 and Pool2 to address 0. Records of the destruction of administrator rights can be found at https://burn.yfii.finance/. After inspection, the destruction of administrator rights is genuine. At present, only the two contract addresses of Pool1 and Pool2 have the mint permission of YFII Token, which is a necessary permission to achieve periodic halving and cannot be abused in the future.

It is particularly worth mentioning that the original YFI Token code emits no event in the privileged function addMinter(), so ordinary users cannot easily check how many minters the contract has. Be careful: this makes it very easy for YFI-like projects to hide a backdoor.

After inspection, the YFII Token contract has a total of only two addMinter() records.
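One way to run the minter check described above, as an added example (not from the report or the YFII code): recover addMinter() calls from transaction calldata, since no event records them. The record fields (`success`, `input`), the sample addresses and the expected-minter set are constructed; `983b2d56` is the 4-byte selector of `addMinter(address)`.

```python
ADD_MINTER_SELECTOR = "983b2d56"  # first 4 bytes of keccak256("addMinter(address)")

def decode_add_minter(input_hex):
    """Return the address passed to addMinter(), or None for any other calldata."""
    data = input_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if not data.startswith(ADD_MINTER_SELECTOR):
        return None
    arg = data[8:]
    # Exactly one 32-byte ABI word; an address is left-padded with 12 zero bytes.
    if len(arg) != 64 or arg[:24] != "0" * 24:
        return None
    return "0x" + arg[24:]

def find_minters(transactions):
    """Addresses granted mint rights by successful top-level addMinter() calls."""
    minters = []
    for tx in transactions:
        if not tx["success"]:
            continue  # a reverted call changed no state
        minter = decode_add_minter(tx["input"])
        if minter and minter not in minters:
            minters.append(minter)
    return minters

def unexpected_minters(transactions, expected):
    """Minters that are not in the set the project claims (e.g. its two pools)."""
    allowed = {a.lower() for a in expected}
    return [m for m in find_minters(transactions) if m not in allowed]

def add_minter_calldata(addr):
    """Build addMinter(addr) calldata for the constructed sample below."""
    return "0x" + ADD_MINTER_SELECTOR + "0" * 24 + addr[2:].lower()

# Constructed records for a hypothetical YFI-like token, not real chain data.
POOL_A, POOL_B, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "ab" * 20
SAMPLE_TXS = [
    {"success": True, "input": add_minter_calldata(POOL_A)},
    {"success": True, "input": add_minter_calldata(POOL_B)},
    {"success": False, "input": add_minter_calldata(OTHER)},   # reverted attempt
    {"success": True, "input": "0xa9059cbb" + "00" * 64},      # transfer(), ignored
    {"success": True, "input": add_minter_calldata(OTHER)},    # undisclosed minter
]

if __name__ == "__main__":
    print(unexpected_minters(SAMPLE_TXS, {POOL_A, POOL_B}))
```

Top-level calldata only covers calls sent directly to the token; an addMinter() call made from another contract shows up only in trace (internal transaction) data.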

Summary

YFI as a whole is a very meaningful DeFi innovation experiment. Through Yearn Finance, we have seen the distribution of decentralized governance tokens, which has fully stimulated the mining and governance enthusiasm of the DeFi community.

Safety advice

With the popularity of liquidity mining and DeFi products, new DeFi smart contracts keep emerging on the market, and the combination risk has increased dramatically. Ambi Lab reminds users to put safety first when interacting with any DeFi project: verify the domain name and contract address, carefully review every operation involving funds, and try not to interact with smart contracts of unknown origin. In addition, pay closer attention to the security of the DeFi products and smart contracts themselves, analyze the basis of their value and the sources of risk, do not blindly trust APR figures, and invest only an amount whose loss you can bear.

Special reminder: remember to use the clues provided in this article to check the administrator permissions of any YFI-like projects you participate in.
