SolvBTC’s re-evaluation
Solv contacted us to re-evaluate the SolvBTC access control after implementing a Timelock contract as the new super admin.
The following outlines the key security concerns we previously raised and details how the Solv team has addressed them.
Security concerns
1. General system’s access control
Previous State:
- Access control was highly centralized, distributed between EOAs and Safe wallets with low thresholds.
Current State:
Resolved.
The Solv team has moved the most critical access control to the new SolvTimelock, increasing the system’s security in terms of upgradability and other administrative tasks.
- SolvTimelock overview: The SolvTimelock is a non-upgradable contract that uses the OZ TimelockController role-based standard and enforces a delay before executing calls.
The following shows the updated access control risk table of the OpenFundMarket contract:
| Previous Permission Owner | Current Permission Owner | Functions | Criticality | Previous Risk | Current Risk |
|---|---|---|---|---|---|
| ProxyAdmin → EOA (0x55C0…013E) | ProxyAdmin → SolvTimelock | upgrade, upgradeAndCall | CRITICAL | ||
| Admin: Safe 3-of-5 | Admin: SolvTimelock | setGovernorOnlyAdmin | HIGH | ||
| Governor: EOA (0x55C0…013E) | Governor: SolvTimelock | updatePoolInfoOnlyGovernor, setCurrencyOnlyGovernor, addSFTOnlyGovernor, removeSFTOnlyGovernor, setProtocolFeeOnlyGovernor, updateFundraisingEndTime | HIGH | ||
| Pool Managers: WBTC → EOA (0x2e51…2BB0) | Pool Managers: WBTC → EOA (0x2e51…2BB0) MPC 2/3 Multisig | setWhiteList, closeCurrentRedeemSlot, removePool | HIGH | ||
| subscribeNavManager: Safe 1-of-3 | subscribeNavManager: Safe 3-of-5 | setSubscribeNav | HIGH | ||
| redeemNavManager: Safe 1-of-3 | redeemNavManager: Safe 3-of-5 | setRedeemNav, updateFundraisingEndTime | HIGH | ||
*It is outside the scope of this analysis to evaluate MPC wallets since they cannot be distinguished from EOA wallets on-chain. However, we raised the risk to medium because the team confirmed it as an MPC wallet.
OpenFundRedemption
The OpenFundRedemption is the contract for users to claim their requested redemptions. It is an OZ Beacon Proxy with a 2-step ownable for access control.
The following shows the updated access control risk table of the OpenFundRedemption contract:
| Previous Permission Owner | Current Permission Owner | Functions | Criticality | Previous Risk | Current Risk |
|---|---|---|---|---|---|
| Admin → BeaconFactory → EOA (0x55C0…013E) | Admin → BeaconFactory → SolvTimelock | upgradeTo, setConcreteOnlyAdmin | CRITICAL | ||
| OpenFundMarket | OpenFundMarket | createSlotOnlyIssueMarket, setRedeemNavOnlyMarket | HIGH | ||
Miscellaneous
- The SolvTimelock uses the TimelockController standard from OpenZeppelin without changes. The security review of the OZ contracts can be found here.
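The delay in front of upgrade and upgradeAndCall only adds protection if queued operations are reviewed before they become executable. As an added example (not code from Solv or from this review), the Python below triages already-decoded CallScheduled events from an OZ TimelockController for calls that target the ProxyAdmin. The addresses, the 48-hour baseline delay and the sample events are constructed, and the selectors assume the standard OpenZeppelin ProxyAdmin signatures.

```python
from dataclasses import dataclass

# Selectors of the ProxyAdmin functions rated CRITICAL in the table above,
# assuming the standard OpenZeppelin ProxyAdmin signatures.
CRITICAL_SELECTORS = {
    "99a88ec4": "upgrade(address,address)",
    "9623609d": "upgradeAndCall(address,address,bytes)",
}

@dataclass
class Scheduled:
    """Fields of one decoded CallScheduled event plus its block timestamp."""
    op_id: str
    target: str
    data: str        # hex calldata, 0x-prefixed
    delay: int       # seconds, as emitted in the event
    block_time: int  # unix time of the block that scheduled the call

def triage(events, proxy_admin, baseline_delay, now):
    """Return alerts for scheduled calls to the ProxyAdmin, soonest first."""
    alerts = []
    for ev in events:
        if ev.target.lower() != proxy_admin.lower():
            continue
        selector = ev.data[2:10].lower()
        name = CRITICAL_SELECTORS.get(selector, "unknown call 0x" + selector)
        ready_at = ev.block_time + ev.delay  # earliest time execute() can succeed
        alerts.append({
            "id": ev.op_id,
            "call": name,
            "ready_at": ready_at,
            "review_seconds_left": max(0, ready_at - now),
            # schedule() rejects delays under minDelay, so a value below the
            # monitor's baseline means minDelay itself was lowered earlier.
            "short_delay": ev.delay < baseline_delay,
        })
    return sorted(alerts, key=lambda a: a["ready_at"])

# Constructed sample data: placeholder addresses, not the deployed contracts.
PROXY_ADMIN = "0x" + "aa" * 20
BASELINE_DELAY = 48 * 3600  # assumed baseline; the review does not state the delay
SAMPLE_EVENTS = [
    Scheduled("op-1", PROXY_ADMIN, "0x99a88ec4" + "00" * 64, 172800, 1_700_000_000),
    Scheduled("op-2", "0x" + "bb" * 20, "0x12345678", 172800, 1_700_010_000),
    Scheduled("op-3", PROXY_ADMIN, "0x9623609d" + "00" * 96, 3600, 1_700_050_000),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS, PROXY_ADMIN, BASELINE_DELAY, 1_700_060_000):
        print(alert)
```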
Conclusion
After the improvements, SolvBTC has increased its security in terms of upgradability, and there are no major blockers for listing.