
Stephen Tong, co-founder of blockchain security firm Zellic, discovered bugs in the most popular smart contract ever
In his Formal Verification of Wrapped ETH (WETH) analysis, Stephen Tong verified two properties essential to the tokenomic design of Wrapped Ether, an ERC-20 token that mirrors Ether (ETH) in DeFi applications.
Analyst checked the accuracy of the total WETH supply and its solvency: Results
Today, Nov. 19, 2022, Tong published a review of two features of Wrapped Ethereum (WETH), a smart contract on the Ethereum (ETH) network designed to streamline the use of ETH in DeFi by "wrapping" it into a regular ERC-20 asset.
A bug in WETH:
Wrapped ETH is a smart contract that has been in over 125 MILLION Ethereum transactions. This year, 11.5% of all transactions used Wrapped ETH.
But is it secure? I formally verified two important security properties with an SMT solver, Z3.👇🧵 https://t.co/KH5vLjxwnm pic.twitter.com/fM7cf3TLAg — cts (@gf_256) November 19, 2022
He used Constrained Horn Clause (CHC) tooling to model all possible states of Wrapped Ethereum (WETH). He then checked whether the "total supply" metric of the WETH smart contract actually equals the number of tokens minted.
He also tried to verify whether it is possible to redeem ETH from WETH at any time; Tong called this property "solvency."
On the first point, the analyst found that the total supply is not necessarily equal to the number of tokens in existence:
Technically speaking, the ERC-20 standard specifies that totalSupply() should equal the…"total supply". Which is kinda vague, but one would assume that it would be the total tokens in existence
Via the selfdestruct function, which terminates a contract and transfers any remaining contract funds to a specified address, users would be able to mint WETH tokens without actually sending ETH for wrapping, Tong concluded.
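The following is an added illustration of the property Tong checked, not code from the article, from Zellic or from the WETH contract. It models WETH9's state as a toy Python object (WETH9 defines totalSupply() as the contract's own ETH balance) and replaces the CHC/Z3 proof with a bounded search over short transaction traces: with only deposit and withdraw, totalSupply() always equals the minted tokens; once ETH can be pushed in by selfdestruct, the two diverge. Actor names and amounts are constructed.

```python
from itertools import product

class WETH:  # toy model of WETH9 state (added example, not the audited contract)
    def __init__(self):
        self.eth = 0           # address(this).balance in wei
        self.balance_of = {}   # ERC-20 balances per holder
    def total_supply(self):
        return self.eth        # WETH9: totalSupply() returns this.balance
    def minted(self):
        return sum(self.balance_of.values())   # tokens actually in existence
    def deposit(self, who, amt):
        self.eth += amt
        self.balance_of[who] = self.balance_of.get(who, 0) + amt
        return True
    def withdraw(self, who, amt):
        if self.balance_of.get(who, 0) < amt:
            return False       # revert: insufficient WETH balance
        self.balance_of[who] -= amt
        self.eth -= amt
        return True
    def force_ether(self, amt):
        # ETH pushed in by selfdestruct bypasses deposit(), so no WETH is minted for it
        self.eth += amt
        return True

ACTORS, AMOUNTS = ("alice", "bob"), (1, 2)   # constructed search space

def actions(allow_forced):
    acts = [(op, a, n) for op in ("deposit", "withdraw") for a in ACTORS for n in AMOUNTS]
    if allow_forced:
        acts += [("force_ether", None, n) for n in AMOUNTS]
    return acts

def replay(trace):
    """Apply a trace to a fresh contract; None if any step reverts (unreachable state)."""
    w = WETH()
    for op, who, amt in trace:
        ok = w.force_ether(amt) if who is None else getattr(w, op)(who, amt)
        if not ok:
            return None
    return w

def find_supply_counterexample(depth, allow_forced):
    """Bounded search (not an SMT proof): shortest trace with totalSupply() != minted()."""
    for d in range(depth + 1):
        for trace in product(actions(allow_forced), repeat=d):
            w = replay(trace)
            if w is not None and w.total_supply() != w.minted():
                return list(trace)
    return None
```

find_supply_counterexample(3, False) returns None, while find_supply_counterexample(3, True) returns the one-step trace [("force_ether", None, 1)], the selfdestruct case described above.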
Is this really dangerous for WETH users?
He also demonstrated that a depositor of Ether (ETH) will not necessarily be able to withdraw their funds from the smart contract at any time.
Unsat! That's the result we want to see! pic.twitter.com/ls7bhPakY1 — cts (@gf_256) November 19, 2022
As such, he provided two hypothetical models to demonstrate the absence of correlation between the WETH contract balance and the actual number of tokens minted, as well as the "solvency flaw" that could affect the withdrawal process.
However, he stressed that both scenarios are hypothetical and were modeled only for the experiment. The bugs in the analysis are "minor" and "harmless."
Since its launch in 2020, Zellic has audited a number of top-tier DeFi protocols, including the likes of 1inch (1INCH), LayerZero and SushiSwap (SUSHI).