WBTC Comet Market Migration Review

Summary

Timeline: From 2025-02-04 To 2025-02-07

Total Issues: 4 (0 resolved)

Medium Severity Issues: 1 (0 resolved)

Low Severity Issues: 2 (0 resolved)

Notes & Additional Information: 1 (0 resolved)

Scope

This review analyzes the migration process undertaken to initialize the WBTC Comet Market on the Ethereum mainnet. Specifically, we audited the migration script provided in pull request #116 at commit 369ffe5.

In scope were the following files:

deployments/mainnet/wbtc/migrations/1737396251_configurate_and_ens.ts

Initialization Review

We reviewed the WBTC Comet Market migration for the Ethereum mainnet. During the review, we analyzed the following aspects:

  1. Migration Call Sequence: The migration follows the expected sequence, calling setFactory and setConfiguration on the Configurator, then upgrading the Comet to the new configuration, setting the reward config for the market, seeding the market, and updating the ENS records. We note that an issue was identified where the calls necessary to seed the market would fail.

  2. Contract Address Consistency: The addresses for the price feeds, assets, and known Compound contracts were confirmed. However, the Comet Market and associated price feed contracts had not been deployed at the time of audit and, thus, could not be reviewed.

  3. Code Integrity Check: We compared the deployed code for each new contract with the previously audited version to ensure that no unauthorized changes were introduced. This step was crucial to confirm that no new vulnerabilities were inadvertently introduced during deployment.

  4. Simulation Testing: Due to the absence of the WBTC Comet Market address, simulated calls to test aspects of the migration calls were conducted where possible. We note that the provided scope document erroneously stated that the scenarios succeeded, whereas, in reality, the mainnet WBTC scenario was failing.

Medium Severity

Insufficient Reserves In cWBTC

The migration script calls the _reduceReserves function of the cWBTC contract to transfer 2 WBTC to the Timelock contract in order to seed the new WBTC Comet Market. However, the cWBTC contract only holds 0.01832213 WBTC in reserves at the time of this audit and, thus, does not have the required reserves for the call to execute successfully. A simulation was executed on Tenderly which confirms that the _reduceReserves call would fail.

Consider opting for an alternative method of seeding the new WBTC Comet Market.

Low Severity

WBTC Mainnet Scenario Failure

The results of the automated actions which simulate the intended actions were provided as part of the scope document for this review. However, the provided document incorrectly states that the scenario action for mainnet WBTC succeeds, whereas it had failed.

Consider ensuring that all scenarios pass as part of the normal development process. Doing this will help surface issues prior to submission for audit.

Newly Added Assets Have No Supply Cap

The initialization of the WBTC Comet Market relies on configuration parameters passed to the Configurator contract. These values are populated from a configuration file. The issue is that the supply cap for both LBTC and PumpBTC is set to zero in the configuration file.

Consider correcting the initial supply caps to use the values recommended by Gauntlet in this forum post. Specifically, the supply cap for each asset should be:

  • LBTC: 200 tokens
  • pumpBTC: 15 tokens

Notes & Additional Information

Proposal Description Incomplete

The proposal description notes:

Further detailed information can be found on the corresponding proposal pull request, deploy market GitHub action run and forum discussion.

However, the deploy market GitHub action run link is empty. Consider adding the URL for the link to the proposal description.

Conclusion

OpenZeppelin conducted a review of the WBTC Comet Market that is set to launch on Compound. The review uncovered one medium-severity issue along with some other issues of lower severity. The cWBTCv3 Comet had not been deployed at the time of the audit, but we expect it to utilize the correct and most recently audited Comet contract. The primary concern identified was the insufficient funds in the cWBTC contract, which could lead to the proposal reverting due to a lack of funds after the _reduceReserves call.

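The reserve shortfall and the zero supply caps reported above can both be caught offline before a proposal is submitted. The following TypeScript is an added example, not code from the migration script or from the review; parseUnits, SeedPlan and preflight are hypothetical names, and the 2.5 WBTC funding source in the second plan is a constructed value.

```typescript
// Added example; parseUnits, SeedPlan and preflight are hypothetical helpers.
type Finding = { check: "reserves" | "supplyCap"; detail: string };

interface SeedPlan {
  reduceAmount: bigint;                    // amount requested from _reduceReserves, base units
  availableReserves: bigint;               // reserves held by the source contract, base units
  supplyCapTokens: Record<string, bigint>; // configured supply cap per asset, whole tokens
}

// Convert a decimal string to integer base units without going through floating point.
function parseUnits(amount: string, decimals: number): bigint {
  const m = /^(\d+)(?:\.(\d+))?$/.exec(amount);
  if (!m) throw new Error(`not a decimal amount: ${amount}`);
  const frac = m[2] ?? "";
  if (frac.length > decimals) throw new Error(`more than ${decimals} decimals: ${amount}`);
  return BigInt(m[1] + frac.padEnd(decimals, "0"));
}

// Return every condition from the review that the plan still exhibits.
function preflight(plan: SeedPlan): Finding[] {
  const findings: Finding[] = [];
  if (plan.reduceAmount > plan.availableReserves) {
    findings.push({
      check: "reserves",
      detail: `requested ${plan.reduceAmount} base units, only ${plan.availableReserves} held`,
    });
  }
  for (const [symbol, cap] of Object.entries(plan.supplyCapTokens)) {
    if (cap === BigInt(0)) findings.push({ check: "supplyCap", detail: `${symbol} supply cap is zero` });
  }
  return findings;
}

const WBTC_DECIMALS = 8; // WBTC uses 8 decimals

// Values as stated in the review.
const asReviewed: SeedPlan = {
  reduceAmount: parseUnits("2", WBTC_DECIMALS),
  availableReserves: parseUnits("0.01832213", WBTC_DECIMALS),
  supplyCapTokens: { LBTC: BigInt(0), pumpBTC: BigInt(0) },
};

// Constructed: a funding source holding 2.5 WBTC, with the caps the review recommends.
const corrected: SeedPlan = {
  reduceAmount: parseUnits("2", WBTC_DECIMALS),
  availableReserves: parseUnits("2.5", WBTC_DECIMALS),
  supplyCapTokens: { LBTC: BigInt(200), pumpBTC: BigInt(15) },
};

for (const f of preflight(asReviewed)) console.log(`[${f.check}] ${f.detail}`);
```

In a real pipeline the reserve figure would be read from chain state at the proposal's fork block rather than typed in.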