AUSD (Agora) technical analysis
Summary
This is a technical analysis of all the smart contracts of the asset and main dependencies.
Disclosure: This is not an exhaustive security review of the asset like the ones done by the Agora Team, but an analysis from an Aave technical service provider on different aspects we consider critical to review before a new type of listing.
Consequently, like with any security review, this is not an absolute statement that the asset is flawless, only that, in our opinion, we don’t see significant problems with its integration with Aave, apart from different trust points.
Analysis
Agora AUSD is a stablecoin backed by Agora’s Reserves, which consists of traditional currency and cash equivalents, including short-term U.S. Treasury securities.
AUSD is minted and burned by entities with respective roles after a rigorous customer onboarding procedure, ensuring compliance with KYB and AML regulations. It uses the Open stablecoin model, which pays businesses to provide services to Agora AUSD.
For the context of this analysis, our focus has been on the following aspects, critical for the correct and secure integration with Aave:
- Access control (ownerships, admin roles) and nature of the entities involved.
- Any miscellaneous aspect of the code we can consider of importance.
- A recommendation of pricing strategy to be used in the integration asset <> Aave.
General points
- AUSD has a common architecture across its instances on EVM chains, currently operational on Ethereum mainnet, Avalanche, and Mantle. This analysis will focus on the contracts deployed on Avalanche since the proposed onboarding will be there.
- The upgradeability admin of the AUSD system is the EOA 0x6889…30e2.
- For proxies, an extended version of the OZ transparent proxy is used to reduce gas consumption by introducing some ERC20 functions.
Contracts
The following is a non-exhaustive overview of the main smart contracts involved with AUSD.
AUSD
The AUSD is the sole contract of the AUSD system. It’s an upgradable ERC20 contract that enhances user experience by implementing the ERC-3009 for gasless token transfers and the ERC-2612 Permit for approvals via signatures.
The contract also implements role-based access control, where privileged accounts receive a specific role for minting, burning, and freezing AUSD. The extended version of the Transparent proxy introduces some direct ERC20 functions and immutable storage of the implementation address for gas optimization.
Access Control
- The system implements a 2-step transfer of privileged roles distributed in
ADMIN_ROLE
,MINTER_ROLE
,BURNER_ROLE
,PAUSER_ROLE
, andFREEZER_ROLE
.- The
ADMIN_ROLE
address (EOA 0x6889…30e2) or the current role owner can set/transfer the role by calling thetransferRole(role, address)
function, which sets arole
for theaddress
as pending. The receiveraddress
must call theacceptTransferRole(role)
to complete the role transfer.
- The
- The
ADMIN_ROLE
can enable/disable the ERC20 functions implemented in the proxy and delegate them to the implementation contract in case of an upgrade. The functions are transfer, transferFrom, transfer with authorization, and receiver with authorization by callingsetIsTransferUpgraded()
,setIsTransferFromUpgraded()
,setIsTransferWithAuthorizationUpgraded()
, andsetIsReceiveWithAuthorizationUpgraded()
, respectively. - The
MINTER_ROLE
address (EOA 0x65e2…d7fF) can mint new AUSD tokens in a batch for multiple users via thebatchMint()
function. - The
BURNER_ROLE
address (EOA 0x4375…dC1D) can burn AUSD tokens in a batch from multiple users via thebatchBurnFrom()
function. - The
FREEZER_ROLE
address (currently not assigned) can freeze an address via thefreeze(address)
function. This disables any AUSD transfers from the given address. The role owner can then unfreeze theaddress
by calling theunfreeze(address)
function. - The
PAUSER_ROLE
address (currently not assigned) can pause AUSD actions separately, giving more flexibility. The role can pause/unpause: mint, burn, freeze, transfer, and signatures verification by callingsetIsMintPaused
,setIsBurnFromPaused
,setIsFreezingPaused
,setIsTransferPaused
,setIsSignatureVerificationPaused
, respectively.
Miscellaneous
- The system has two technical audit reviews by Certora and Cantina Spearbit.
- Different EOAs currently control several critical parts of the AUSD system, such as mint/burn tokens, upgradability, and management of the roles responsible for different actions. Historically, this approach has been proven to be risky, as it could result in, e.g., unexpected malicious code in an upgrade or unauthorized addresses controlling roles if the private keys get leaked.
However, we have confirmed with the Agora team that the usage of EOAs is due to the underlying MPC (multi-party-computation) infrastructure securing them, a quite common practice in exchanges, centralized digital assets custodians, and other regulated parties.
Even if this adds very important centralization and trust assumptions, we believe it is acceptable at this stage, and with the type of listing proposed.
Asset Pricing
Similar to the recommendations of the risk providers, we suggest using the AUSD/USD Chainlink feed through a CAPO stables adapter.
Conclusion
We think AUSD doesn’t have any problem in terms of integration with Aave, and there is no major blocker.