As a part of Certora continuous formal verification activity, we have conducted a formal verification of cbETH token code using our generic ERC20 token specification.
It’s important to note that this is strictly a technical analysis of the smart contract code.
How to look at the dashboard
With Certora technology, we write rules that specify how a smart contract should behave and the tool either proves that the rule always holds or finds a counterexample. It’s impossible to specify general rules for all the ERC20 tokens, since they all have different features. We have chosen to specify a set of strict rules for tokens, for example “supply should always be fixed” and “transfer should always work”. As a result, a token with dynamic supply will obviously fail the fixed supply rule, and a token that has a pause and/or a blacklist function (like USDC) will fail the “transfer should always work”.
In the case of ERC20, the point of these rules is usually to present precise information about the token behavior to the community. This is how we should look at rule failures - usually not as bugs but as information about token features.
transferCorrect and transferFromReverts rules fail because the token is pausable and transfers don’t work correctly in a paused state.
otherBalanceOnlyGoesUp rule fails because transferWithAuthorization() and receiveWithAuthorization() change “other’s” balance and they’re not accounted for by our standard spec.
isMintPrivileged fails because multiple wallets can get the minter role and mint new tokens by design.
ChangingAllowance rule fails because the permit() function can change allowance and is not part of our standard spec.
In summary, the cbETH token code complies with our generic ERC20 specification and all the rule violations are by design.
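To make the "prove or find a counterexample" workflow above concrete, here is an added example (not Certora's spec and not the cbETH contract) that exhaustively checks two of the named rules against a small toy ledger. The rule bodies are my reading of the rule names, the accounts and balances are constructed, and signature verification in `transfer_with_authorization` is assumed valid.

```python
from itertools import product

ACCOUNTS = ("alice", "bob", "carol")  # constructed addresses

class ToyToken:
    """Constructed toy ledger, not the cbETH contract."""
    def __init__(self, balances, paused):
        self.balances, self.paused = dict(balances), paused

    def _move(self, src, dst, amount):
        if self.paused or self.balances[src] < amount:
            return False  # models a revert: state is left unchanged
        self.balances[src] -= amount
        self.balances[dst] += amount
        return True

    def transfer(self, caller, to, amount):
        return self._move(caller, to, amount)

    def transfer_with_authorization(self, caller, owner, to, amount):
        # caller relays a transfer signed by `owner` (signature assumed valid)
        return self._move(owner, to, amount)

def states(allow_paused):
    """Every small starting state: two funded accounts, optional pause flag."""
    for paused, a, b in product((False, True) if allow_paused else (False,), range(3), range(3)):
        yield {"alice": a, "bob": b, "carol": 0}, paused

def check_transfer_correct(allow_paused):
    """Rule: a transfer within the sender's balance succeeds. Returns a counterexample or None."""
    for (bal, paused), src, dst, amt in product(states(allow_paused), ACCOUNTS, ACCOUNTS, (1, 2)):
        if amt <= bal[src] and not ToyToken(bal, paused).transfer(src, dst, amt):
            return {"paused": paused, "from": src, "to": dst, "amount": amt}
    return None

def check_other_balance_only_goes_up(with_authorization):
    """Rule: no call lowers the balance of anyone except its caller."""
    for (bal, paused), caller, owner, dst, amt in product(states(True), ACCOUNTS, ACCOUNTS, ACCOUNTS, (1, 2)):
        token = ToyToken(bal, paused)
        if with_authorization:
            token.transfer_with_authorization(caller, owner, dst, amt)
        else:
            token.transfer(caller, dst, amt)
        for other in ACCOUNTS:
            if other != caller and token.balances[other] < bal[other]:
                return {"caller": caller, "other": other, "before": bal[other], "after": token.balances[other]}
    return None

if __name__ == "__main__":
    print(check_transfer_correct(True), check_other_balance_only_goes_up(True))
```

Both counterexamples come from features of the model (the pause flag and the relayed transfer), which is the sense in which the failures above are information about the token, not bugs.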
We support the listing of cbETH to the Aave V3 market. As many of the community suggested, the liquidity of cbETH in DEX is insufficient for the supply itself. The supply of cbETH can be increased as more people stake.
For DEX liquidity such as the Uni V3 cbETH/WETH pool, the pool size sits around $6.5m, which we think is not enough for mass liquidation. Additionally, around 60-70% of the volume came from Coinbase.
For these reasons, we are not in support of listing cbETH to the V2 market. However, we are in support of listing cbETH to the Aave V3 market in isolation mode with very tight parameters. After that, the e-mode can be supported for looping between ETH correlated assets.
Following are the initial analysis and risk parameters recommendations by Chaos Labs.
As of the day of this analysis (01/17/2022), cbETH has a market cap of ~$1B and daily trading volumes of $5M-$20M, with the two major liquidity venues being Coinbase and Uniswap V3.
While the counter-party risk is low with Coinbase as the issuing entity, cbETH is a new asset (launched on 09/22/2022) and a centralized token, requiring further and ongoing analysis to understand its complexity and usage before recommending increased caps and considering less conservative configurations.
Given the above, we recommend listing cbETH with borrowing disabled.
We recommend setting the LT at 74% and LTV at 71%. Since this is a new asset, we recommend not opening it in emode immediately but instead revisiting this option several weeks after the market is deployed and stable in production.
After further analysis, we have updated our recommendation to allow the listing of cbETH outside isolation mode.
Generally, as recommended in the Aave docs and as mentioned by several community members on this thread, listing new assets in isolation mode is a conservative approach and good practice.
However, in this case, we think the supply cap recommended is conservative enough to allow listing cbETH outside of isolation mode and recommend the less prudent approach.
If the community desires, we can add both options (yes/no isolation mode) to the Snapshot vote to better understand the current community risk appetite.
I see the risk params are conservative, but wanted to know if you took into account that the Uniswap liquidity is not full range. This is key for oracles (not a concern atm because of great liquidity in Coinbase venue), but also for liquidations.
Thanks for the comment @miguelmtz. The above was indeed taken into account in the analysis.
Updated Parameter Recommendations:
Gauntlet and Chaos Labs have collaborated and shared our independent analyses for the listing of cbETH and rETH (recommendations for rETH in a separate post).
Considering the similarities between the analyses and conclusions, we have aligned on a set of recommendations for the initial listing of cbETH on Ethereum V3.
The primary considerations were to allow full utility and usage of the assets by enabling them to be borrowed, starting with relatively conservative LT and Supply/Borrow Caps.
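| Symbol | Isolation Mode | Borrowable | Collateral Enabled | LTV | LT | LB | RF | LPF | Debt Ceiling | Supply Cap | Borrow Cap |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| cbETH | NO | YES | YES | 67% | 74% | 7.5% | 15% | 0.10 | N/A | 10K | 1200 |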
Interest Rate Curve and Reserve Factor
The interest rate curve analyses and recommendations provided by Gauntlet:
cbETH is similar to stETH, which has been listed on Ethereum v2 since last Spring, but since borrowing has always been disabled for stETH, we have no data about how users respond to changes in interest rates. As such, we recommend starting with conservative parameters that can be tweaked later.
Under these parameters, the borrower interest rate increases linearly from 0% at 0% utilization to 7% at 45% utilization, and then linearly to 307% at 100% utilization. This interest rate curve matches that of the more volatile assets on Aave (1INCH, CRV, ENS, LINK, MKR, UNI). From a risk perspective, interest rate curves need to be designed to reduce the chances of utilization reaching 100% which would prevent suppliers from withdrawing cbETH and prevent liquidators from seizing cbETH collateral when performing liquidations. The proposed interest rate curve is thus desirable because it uses a low optimal utilization and has a high maximum interest rate.
Similar to our reply to the rETH thread, considering the conservative caps on cbETH,
the ACI is now supportive of onboarding cbETH into V3 emode even before Shanghai to allow Aave to be competitive while maintaining risk into sustainable territories.
As we’ve discussed before, cbETH shares many characteristics with wstETH, including the type of debt that it will support. Given that wstETH will be initialized with eMode params of LT 93%, LTV 90%, LB 1%, we recommend that cbETH be listed with lower LT and LTV and higher LB to account for the collateral difference.
First off - wanted to thank the massive community effort behind listing this asset.
@AndrewA for the support, willingness, and ambition
@bgdlabs for the technical guidance and education for deployment
@ChaosLabs & @Pauljlei (Gauntlet) for the risk parameters
@MarcZeller for consultation and sanity
This was a truly collaborative effort and is a testimony to the talent which lies within Aave.
I now more deeply understand the complexities of Aave Governance
Flipside Crypto will propose onboarding cbETH to Aave’s Ethereum V3 pools tomorrow.
We appreciate your support in voting once on-chain!
I think it is important that AAVE should ensure the decentralization of Ethereum as a platform. It is one of the main values of #DeFi and by extension of AAVE. In the case of staking, I think it is relevant to weigh those liquid staking providers that have a strong commitment to the non-imposition of censorship in the validation process. In this sense, I attach the % of validators that currently carry out censorship in transactions in Coinbase staking.
I believe that within the criteria of debt ceiling this information should be taken into account. Coinbase does not present the worst data in this regard but I think it is something to consider.
I think in the light of Kraken’s settlement with the SEC today, legal analysis is required. It's very likely that cbETH is not a security, but legal risk analysis is important nevertheless.
While I’m far from qualified to discuss securities laws and lawyers' input is always valuable,
the likely “worst case scenario” would be Coinbase being forced to wind down their staking operation, resulting in an announced date that will stop cbETH minting and a redeem period for fair underlying value following the Shanghai upgrade and as allowed by the withdrawal queue.
This scenario doesn’t impact Aave of the fair value of cbETH and doesn’t seem to be a particular risk.
I want to remind that the Kraken decision is for US citizens; the Aave protocol is decentralized and permissionless, and as an EU citizen, I still have full access to Kraken staking services.