Add ETH market on Arbitrum

jbass-oz · June 14, 2024, 7:08pm

Arbitrum WETH Migration Review

June 10-12, 2024

Summary

Note Issues: 2 (2 resolved)
Client-Reported Issues: 1 (1 resolved)
Total Issues: 3 (3 resolved)

Scope

OpenZeppelin reviewed Pull Request 860 of the compound-finance/comet repository at commit c89cda2 which will submit a governance proposal to create a WETH Comet market on Arbitrum using the official Comet Migration process.

In scope was the governance proposal created by the simulated Enact Workflow using the migration files:

.github/workflows/enact-migration.yaml
deployments/arbitrum/weth/migrations/1716912328_configure_and_ens.ts

Reviewing base and collateral assets of the WETH Comet market on Arbitrum was out of scope.

Overview

As described in the Compound Community Forum Proposal, Woof Software and the Compound Growth Program propose launching the WETH market on Arbitrum with liquid staking tokens (LST) such as wstETH, rETH, and weETH as collateral.

To deploy an official market on Arbitrum, a series of specific Compound Governance steps must be taken. Dependencies must be accurately and securely deployed after which an official governance proposal is to be proposed on-chain. The focus of OpenZeppelin’s review was Pull Request 860 which includes the deployed dependencies, the official migration governance proposal, and all the security concerns that may arise during execution of the proposal. Specifically we checked:

That the simulation workflow created the same proposal as the deployment workflow.
That the proposal description was accurate and descriptive of its effects.
That proposal dependencies were verified as deployed with correct configurations.
That proposal instructions were decoded and verified as complete.
Proposal instructions were simulated and executed successfully without errors on both Mainnet and Arbitrum.
That the eventual market configuration was verified to match the parameter values provided by Gauntlet and accepted by the community.

Security Model and Trust Assumptions

Before proposal enactment to incorporate the WETH market on Arbitrum, it is assumed that there will not be any upgrades or changes to the implementations of the proposal or Comet ecosystem at large.

Notes & Additional Information

Description Typo

The pull request link [proposal pull request](https://github.com/compound-finance/comet/pull60) in the proposal description is incorrect and doesn’t resolve to the expected resource. This may cause confusion for voters or community members doing their own research.

Consider updating the broken link to the appropriate URL: [proposal pull request](https://github.com/compound-finance/comet/pull/860)

Update: Resolved in commit 7dcf542.

New Collateral Asset

The market migration to create a new WETH Comet market on Arbitrum also includes a new collateral asset weETH which has not been used in any other Compound market previously. In prior analysis of weETH as a collateral asset, Gauntlet identified oracle risks which could expose the protocol to exaggerated market movements and a yield risk which could cause yield shocks and consequentially elevate slippage magnitude and liquidity on DEXs. The resulting governance proposal of this migration to create the WETH Comet market on Arbitrum excludes mention of using this new collateral asset for the first time.

Consider updating the proposal description to clarify that enacting the proposal to create a WETH Comet market on Arbitrum will introduce weETH as a new collateral asset to Compound.

Update: Resolved in commit 7dcf542.

Client-Reported

Token Address Typo When Estimating Gas

During our review the Woof Software team reported an incorrect token address was used to estimate gas in the migration script.

This token address is only used by Comet arbitrumUtils which then uses the Arbitrum SDK to estimate gas. It is encoded as data and this is later used during estimations. It can be observed that the address should not matter in this case. To further ensure this our team performed forked simulation tests with the decoded gas values from the enacted proposal and the transactions succeed.

Upon reviewing the issue we concluded that this is a small typo and should not affect the migration.

Update: Resolved, the Woof Software team stated:

We have not changed COMP to WETH on bridging. That is because Timelock does not have WETH on it, thus it fails.

Conclusion

Upon reviewing the migration script, our team at OpenZeppelin is confident that the proposal has been correctly created and follows all the recommendations. During our evaluation of this migration proposal, there was one omission and two minor typographical issues found; none of which should disrupt the proposal and addition of the new Comet market. Along with all of the prior information it can be verified that the market should function with WETH as its base asset and with the previously stated collaterals on Arbitrum.

Topic		Replies	Views
Add rETH as Collateral to WETHv3 on Mainnet New Markets	5	1864	November 12, 2023
Add Collateral rETH on USDC, USDT, USDS on Ethereum Mainnet New Markets	1	80	December 16, 2024
[Temp Check] Add wstETH as a collateral on Base ETH Market, USDC Market on Arbitrum and Ethereum Mainnet New Markets	20	2688	March 20, 2024
Add weETH Market on Ethereum New Markets	9	1201	July 13, 2024
[Gauntlet]- Supply Cap Recommendations (2024-08-19) Proposals	0	63	August 19, 2024