Arbitrum USDT Migration Review
June 17-19, 2024
Summary
Medium Severity Issues: 1 (1 resolved)
Notes & Additional Information: 1 (1 resolved)
Total Issues: 2 (2 resolved)
Scope
OpenZeppelin reviewed Pull Request 864 of the compound-finance/comet repository at commit 184074b, which will submit a governance proposal to create a USDT Comet market on Arbitrum using the official Comet Migration process.
In scope was the governance proposal created by the simulated Enact Workflow using the migration files:
.github/workflows/enact-migration.yaml
deployments/arbitrum/usdt/migrations/1717936901_configurate_and_end.ts
Reviewing base and collateral assets of the USDT Comet market on Arbitrum was out of scope.
Overview
As described in the Compound Community Forum Proposal, Woof Software and the Compound Growth Program propose launching the USDT market on Arbitrum with wstETH, wETH, wBTC, ARB and GMX as collateral.
To deploy an official market on Arbitrum, a series of specific Compound Governance steps must be taken. Dependencies must be accurately and securely deployed, after which an official governance proposal is to be proposed on-chain. The focus of OpenZeppelin’s review was Pull Request 864, which includes the deployed dependencies, the official migration governance proposal, and all the security concerns that may arise during execution of the proposal. Specifically, we checked:
- That correct contracts were deployed on-chain.
- That the simulation workflow created the same proposal as the deployment workflow.
- That the proposal description was accurate and descriptive of its effects.
- That proposal dependencies were verified as deployed with correct configurations.
- That proposal instructions were decoded and verified as complete.
- That correct oracle price feeds were used.
- That proposal instructions were simulated and executed successfully without errors on both Mainnet and Arbitrum.
- That the eventual market configuration was verified to match the parameter values provided by Gauntlet and accepted by the community.
Security Model and Trust Assumptions
Before proposal enactment to incorporate the USDT market on Arbitrum, it is assumed that there will not be any upgrades or changes to the implementations of the proposal or Comet ecosystem at large.
Medium Severity
Wrong oracle used for wstETH collateral
All the collaterals in this USDT market are priced in USD except for wstETH, which is priced in ETH using the wstETH/ETH price feed. This will cause problems because the price returned by this oracle would be so low compared to the wstETH price in USD that borrowers won’t be able to borrow using this as collateral.
Consider using the MultiplicativePriceFeed contract to get the wstETH price in USD by utilizing the wstETH/ETH and ETH/USD price feeds. cbETH collateral is priced in USD similarly on Base.
Update: Resolved in commit b196923.
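The mispricing and the recommended composition, modelled off-chain as an added example (not code from the pull request or from the MultiplicativePriceFeed contract). The feed answers, decimals and descriptions are constructed samples, and the 8-decimal output scale is an assumption.

```javascript
// Added example: off-chain model of the check and fix for the wstETH finding.
// Every answer, decimals value and description below is a constructed sample.

const OUT_DECIMALS = 8n; // assumption: the market consumes 8-decimal USD prices

// Quote currency parsed from a Chainlink-style description such as "ETH / USD".
function quoteCurrency(description) {
  const parts = description.split("/").map((s) => s.trim());
  return parts.length === 2 ? parts[1] : null;
}

// Return the symbols of collaterals whose feed is not quoted in USD.
function nonUsdCollaterals(assets) {
  return assets
    .filter((a) => quoteCurrency(a.feed.description) !== "USD")
    .map((a) => a.symbol);
}

// Rescale one feed answer to OUT_DECIMALS without changing its quote currency.
function rescale(feed) {
  return (feed.answer * 10n ** OUT_DECIMALS) / 10n ** feed.decimals;
}

// Multiply feed A (X/ETH) by feed B (ETH/USD) to obtain X/USD at OUT_DECIMALS.
function multiplyFeeds(a, b) {
  // A non-positive leg makes the product meaningless; return 0 so callers reject it.
  if (a.answer <= 0n || b.answer <= 0n) return 0n;
  return (a.answer * b.answer * 10n ** OUT_DECIMALS) / 10n ** (a.decimals + b.decimals);
}

// Constructed feeds: 1 wstETH = 1.17 ETH, 1 ETH = 3500 USD, 1 ARB = 0.90 USD.
const wstEthEth = { description: "wstETH / ETH", decimals: 18n, answer: 1170000000000000000n };
const ethUsd = { description: "ETH / USD", decimals: 8n, answer: 350000000000n };
const arbUsd = { description: "ARB / USD", decimals: 8n, answer: 90000000n };

const assets = [
  { symbol: "wstETH", feed: wstEthEth },
  { symbol: "WETH", feed: ethUsd },
  { symbol: "ARB", feed: arbUsd },
];

console.log("non-USD feeds:", nonUsdCollaterals(assets));
console.log("wstETH read as USD:", rescale(wstEthEth));
console.log("wstETH via composition:", multiplyFeeds(wstEthEth, ethUsd));
```

With these sample values the ratio feed read as a USD price undervalues wstETH by a factor equal to the ETH/USD price, which is why borrowing against it would effectively be impossible.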
Notes & Additional Information
Prevention of ENS Record Mismatch
As part of the migration process, the address of every deployed market is added to the v3-official-markets record of the v3-additional-grants.compound-community-licenses.eth domain. Since the setText method of the ENS Resolver only allows replacing the current value with a new value, there is a chance that this proposal can unintentionally remove recently added values.
To prevent such a scenario from occurring, consider:
- Copying the latest value from the v3-official-markets record of the v3-additional-grants.compound-community-licenses.eth domain.
- Waiting till any other live proposal also affecting the ENS record has either succeeded or failed.
- Ensuring that any change currently queued to change the ENS record is also reflected in this proposal.
Update: Resolved in commit 878d5f9.
Conclusion
Upon reviewing the calldata generated by the migration script, we found one medium severity issue and one informational severity issue. Apart from this, the proposal has been correctly created and follows all current recommendations.